GNU Name System: 2019 Edition. Christian Grothoff, IETF 104 (slides)



  1. GNU Name System: 2019 Edition. Christian Grothoff, IETF 104
  "Developers of new name resolution systems that must work in existing contexts actually have no choice: they must use a Special-Use Domain Name to segregate a portion of the namespace for use with their system." (RFC 8244)

  2. Context GNU Name System: 2019 Edition 1/1

  3. Applications in GNUnet (under development)
  ◮ Anonymous and non-anonymous publishing
  ◮ IPv6/IPv4 protocol translation and tunnelling
  ◮ GNU Name System: censorship-resistant replacement for DNS
  ◮ Conversation: secure, decentralized voice communication
  ◮ SecuShare: social networking
  ◮ GNU Taler: privacy-friendly payments
  ◮ ...

  4. DNS troubles
  ◮ DNS remains a source of traffic amplification for DDoS
  ◮ DNS censorship (e.g. by China) causes collateral damage in other countries
  ◮ DNS is part of the mass surveillance apparatus (MCB)
  ◮ DNS is abused for offensive cyber war (QUANTUMDNS)
  Band-aid solutions [1] will not fix this.
  [1] DNS-over-TLS, DoH, DNSSEC, DPRIVE, ...

  5. The GNU Name System [2]
  ◮ Decentralized name system ⇒ names are not global
  ◮ Supports globally unique (and secure) identification
  ◮ Achieves query and response privacy
  ◮ Provides a public key infrastructure
  ◮ Interoperable with DNS
  [2] Joint work with Martin Schanzenbach, Matthias Wachs and Patrick Gerber

  6.-15. Zone management (ten screenshot slides of the zone-management user interface; no text is recoverable)

  16. Name resolution in GNS
  Bob's local zone (public key K_pub^Bob, private key K_priv^Bob): www A 5.6.7.8 (Bob's web server)
  ◮ Bob can now reach his web server under www.bob

  17. Secure introduction
  Business card: Bob Builder, Ph.D. Address: Country, Street Name 23. Phone: 555-12345. Mobile: 666-54321. Mail: bob@H2R84L4JIL3G5C
  ◮ Bob provides his public key to his friends, e.g. via QR code

  18. Delegation
  Alice's local zone (K_pub^Alice, K_priv^Alice): ... bob PKEY 8FS7 ... (Bob's business card: Bob Builder, Ph.D., Address: Country, Street Name 23, Phone: 555-12345, Mobile: 666-54321)
  ◮ Alice learns Bob's "public" key
  ◮ Alice creates a delegation to zone K_pub^Bob under the label bob
  ◮ Alice can then reach Bob's web server under www.bob.alice

  19.-25. Name resolution (animation; final frame)
  Alice's zone A47G: ... bob PKEY 8FS7 ...   Bob's zone 8FS7: ... www A 5.6.7.8 ...
  0. Bob: DHT PUT 8FS7-www: 5.6.7.8
  1. Alice's application asks: www.bob.alice?
  2. Lookup in Alice's local zone: 'bob'?
  3. Answer from the local zone: PKEY 8FS7!
  4. DHT lookup: 8FS7-www?
  5. DHT answer: A 5.6.7.8!
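The resolution walk of slides 16 to 25 (right-to-left over the labels, following PKEY delegations from zone to zone, with a public key usable directly as TLD as on slide 36 and a configured suffix-to-key map as on slide 38) as an added Python example. This is illustration code, not code from the slides or from GNUnet: the zone keys "A47G" and "8FS7", the dict standing in for the DHT, the `TLD_MAP` and the "uppercase label is a raw zone key" convention are all assumptions.

```python
# Added example (not GNUnet code): a toy GNS-style resolver that walks a name
# from right to left, following PKEY delegations into other zones.
# Zone keys such as "8FS7" and "A47G" are the slides' abbreviations; real GNS
# zone keys are base32-encoded public keys.

KEY_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")

# Constructed sample data mirroring the slides: Alice delegates "bob" to
# zone 8FS7, and Bob's zone holds an A record under "www". The DHT is
# modelled as a dict keyed by (zone key, label); in GNS the key is the
# query hash q_{P,l} and the value the encrypted, signed block.
ALICE_KEY = "A47G"
BOB_KEY = "8FS7"
DHT = {
    (ALICE_KEY, "bob"): [("PKEY", BOB_KEY)],
    (BOB_KEY, "www"): [("A", "5.6.7.8")],
}

# Resolver configuration: suffix -> zone key, the "domain -> public key map"
# of slides 38 and 40. Here only "alice" is mapped (Alice's own local zone).
TLD_MAP = {"alice": ALICE_KEY}


def zone_for_tld(tld):
    """Pick the starting zone: a configured suffix, or a raw zone key (slide 36)."""
    if tld in TLD_MAP:
        return TLD_MAP[tld]
    if tld and all(c in KEY_ALPHABET for c in tld):  # toy key syntax (assumption)
        return tld
    return None


def resolve(name, dht=DHT, max_hops=16):
    """Return the record set for `name`, or None if it does not resolve."""
    labels = name.rstrip(".").split(".")
    zone = zone_for_tld(labels.pop())
    if zone is None or not labels:
        return None
    for _ in range(max_hops):                  # bound the delegation depth
        label = labels.pop()                   # next label from the right
        records = dht.get((zone, label))
        if records is None:
            return None                        # no such label in this zone
        if not labels:
            return records                     # leftmost label reached
        pkeys = [v for t, v in records if t == "PKEY"]
        if not pkeys:
            return None                        # cannot delegate further
        zone = pkeys[0]                        # continue in the delegated zone
    return None


if __name__ == "__main__":
    print(resolve("www.bob.alice"))            # Alice reaches Bob's web server
```

Note that "www.bob.A47G" and "www.8FS7" resolve to the same record as "www.bob.alice": the suffix only selects the starting zone, and a zone key written as TLD needs no configuration at all, which is what makes the identifier globally unique.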

  26.-30. Browser configuration (five screenshot slides; no text is recoverable)
  31. Browser usage (screenshot slide; no text is recoverable)

  32. Privacy issue: DHT (repeats the resolution diagram of slide 25; the DHT lookup in steps 4 and 5, "8FS7-www?" / "A 5.6.7.8!", is the privacy issue addressed on the following slides)

  33. Query privacy: terminology
  $G$: generator of the ECC curve, a point
  $n$: size of the ECC group, $n := |G|$, $n$ prime
  $x$: private ECC key of the zone ($x \in \mathbb{Z}_n$)
  $P$: public key of the zone, a point, $P := xG$
  $l$: label for a record in a zone ($l \in \mathbb{Z}_n$)
  $R_{P,l}$: set of records for label $l$ in zone $P$
  $q_{P,l}$: query hash (hash code for the DHT lookup)
  $B_{P,l}$: block with encrypted information for label $l$ in zone $P$, published in the DHT under $q_{P,l}$

  34.-35. Query privacy: cryptography
  Publishing records $R_{P,l}$ as $B_{P,l}$ under key $q_{P,l}$:
  $h := H(l, P)$ (1)
  $d := h \cdot x \bmod n$ (2)
  $B_{P,l} := S_d\big(E_{\mathrm{HKDF}(l,P)}(R_{P,l})\big),\ dG$ (3)
  $q_{P,l} := H(dG)$ (4)
  Searching for records under label $l$ in zone $P$:
  $h := H(l, P)$ (5)
  $q_{P,l} := H(hP) = H(hxG) = H(dG) \Rightarrow$ obtain $B_{P,l}$ (6)
  $R_{P,l} = D_{\mathrm{HKDF}(l,P)}(B_{P,l})$ (7)
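Equations (1) to (7) carried through in code, as an added Python example that is not GNUnet's implementation: the group is secp256k1 (an assumption; the scheme only needs a prime-order group with generator $G$), the symmetric cipher $E/D$ is an HMAC-SHA256 counter-mode keystream and $S_d$ is a Schnorr signature, both stand-ins for whatever primitives GNS actually uses, and the HKDF salt and info strings are made up. The `lookup` side shows the two checks a resolver must make beyond the slides' equations: that the signing key $dG$ shipped with the block equals the $hP$ it derived itself (otherwise anyone could serve a block signed under a key of their own), and that the signature verifies.

```python
import hashlib
import hmac

# secp256k1 parameters (a stand-in: any prime-order group works for the scheme).
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    if A[0] == B[0] and (A[1] + B[1]) % p == 0:
        return None
    if A == B:
        lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, p) % p
    else:
        lam = (B[1] - A[1]) * pow(B[0] - A[0], -1, p) % p
    x = (lam * lam - A[0] - B[0]) % p
    return (x, (lam * (A[0] - x) - A[1]) % p)

def ec_mul(k, A):
    """Double-and-add scalar multiplication k*A."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R

def enc(A):
    return A[0].to_bytes(32, "big") + A[1].to_bytes(32, "big")

def H(*parts):
    """Hash to Z_n: used for h := H(l, P) and for the signature challenge."""
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "big") % n

def hkdf(l, P):
    """HKDF(l, P): HMAC-SHA256 extract, then one expand block (salt/info made up)."""
    prk = hmac.new(b"gns-toy-salt", l + enc(P), hashlib.sha256).digest()
    return hmac.new(prk, b"gns-block-key\x01", hashlib.sha256).digest()

def stream_xor(key, data):
    """Toy symmetric E/D: HMAC-SHA256 keystream in counter mode (stand-in)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def sign(d, msg):
    """Schnorr signature S_d over msg (stand-in for the GNS signature scheme)."""
    k = H(d.to_bytes(32, "big"), msg) or 1            # deterministic nonce
    e = H(enc(ec_mul(k, G)), msg)
    return (e, (k + e * d) % n)

def verify(D, msg, sig):
    e, s = sig
    R = ec_add(ec_mul(s, G), ec_mul(e, (D[0], (-D[1]) % p)))   # sG - eD = kG
    return R is not None and H(enc(R), msg) == e

def publish(x, label, records):
    """Zone owner (knows x): build B_{P,l} and q_{P,l}, equations (1)-(4)."""
    P, l = ec_mul(x, G), label.encode()
    h = H(l, enc(P))                                   # (1)
    d = h * x % n                                      # (2)
    D = ec_mul(d, G)                                   # dG, shipped with the block
    ct = stream_xor(hkdf(l, P), records)               # E_{HKDF(l,P)}(R_{P,l})
    block = (ct, sign(d, ct), D)                       # (3)
    return hashlib.sha256(enc(D)).digest(), block      # (4): q = H(dG)

def lookup(P, label, dht):
    """Resolver (knows l and P, not x): equations (5)-(7) plus a signer check."""
    l = label.encode()
    h = H(l, enc(P))                                   # (5)
    hP = ec_mul(h, P)                                  # hP = hxG = dG
    q = hashlib.sha256(enc(hP)).digest()               # (6)
    if q not in dht:
        return None
    ct, sig, D = dht[q]
    # Accept only a block signed under d = h*x. Trusting the D carried in the
    # block would let anyone serve a block signed with a key of their own.
    if D != hP or not verify(D, ct, sig):
        return None
    return stream_xor(hkdf(l, P), ct)                  # (7)
```

What a DHT peer sees is only $q_{P,l}$ and the block: without $(l, P)$ it can neither derive the HKDF key to decrypt the records nor link $q_{P,l}$ to a zone or label, while the signature under $d$ lets the resolver detect any modification of the stored block.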

  36. Globally unique identifiers
  ◮ Public keys are globally unique
  ◮ Users can use any public key (in a base32 encoding) as a TLD
  ◮ "alice.bob.KEY" is a valid, globally unique identifier

  37. Key revocation
  ◮ Revocation message signed with the private key (ECDSA)
  ◮ Flooded on all links in the P2P overlay, stored forever
  ◮ Efficient set reconciliation used when peers connect
  ◮ Expensive proof-of-work used to limit the DoS potential
  ◮ Proof-of-work can be calculated ahead of time
  ◮ Revocation messages can be stored off-line if desired

  38. Latest political developments
  Originally, GNS used the pTLD ".gnu" as protocol switch. draft-grothoff-iesg-special-use-p2p-names tried to make this official following RFC 6761.
  ◮ IETF's dnsop refused to follow RFC 6761 for us; only Apple and Facebook have the political power to get "free" TLDs (".local", ".onion")
  ◮ But RFC 8244 (quote from slide 1) is wrong: our latest release allows users to override any domain name
  ◮ Can override "ietf.org", ".fr" or ".bob" by simply specifying a GNS public key for that domain in the configuration
  ◮ Usability greatly improved (thank you, IETF)
  ◮ Transparency reduced for users: a usability study showed users cannot tell DNS from GNS
  ◮ gnunet-dns2gns is a DNS proxy speaking DNS that resolves some names via GNS

  39. Latest technical developments
  ◮ Demonstrated scaling of the DHT implementation to deal with millions of records
  ◮ Implemented gnunet-zoneimport to import DNS records by single queries (given a list of names)
  ◮ Implemented Ascension to import DNS records via AXFR
  ◮ Imported ".fr" into a GNS zone based on a public name list and brute-force zone transfer
  ◮ Imported ".se" and "bfh.ch" using AXFR

  40. Conclusion and outlook
  ◮ The DNS monopoly is over.
  ◮ GNS is simpler than DNS: no glue, no NSEC3, no RRSIG
  ◮ GNS provides private name resolution and censorship resistance
  ◮ GNS does not require ICANN, a root zone or IANA special-use TLDs
  ◮ Operators should no longer be advised about ".gnu", but about name resolution protocol diversity without any signalling
  ◮ GNUnet will include a domain → public key map in the default configuration ⇒ Donate just 130,000 EUR to GNUnet e.V. today to get yours! [3]
  [3] This is a special discount for dnsop members.

  41. Questions?
  More information on the Web:
  ◮ https://gnunet.org/gns
  ◮ Slides will be published at https://grothoff.org/christian/
  "When governments fear the people, there is liberty. When the people fear the government, there is tyranny. The strongest reason for the people to retain the right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government." (attributed on the slide to Thomas Jefferson)
