The Missing Piece: On Namespace Management in NDN and How DNSSEC - - PowerPoint PPT Presentation

The Missing Piece: On Namespace Management in NDN and How DNSSEC Might Help

Pouyan Fotouhi Tehrani1, Eric Osterweil2, Jochen Schiller3, Thomas C. Schmidt4, Mathias W¨ ahlisch3

1Weizenbaum Institut / Fraunhofer FOKUS 2George Mason University 3Freie Universit¨

at Berlin 4Hamburg University of Applied Sciences

September 25, 2019

1 / 11

Benjamin Franklin usatoday.com.co b l

• m

b e r g . m a

Benjamin Franklin usatoday.com.co b l

• m

b e r g . m a

Oh, what a tangled web we weave, when first we practice to deceive!

– William Shakespeare

Benjamin Franklin usatoday.com.co b l

• m

b e r g . m a

Oh, what a tangled web we weave, when first we practice to deceive!

– William Shakespeare Walter Scot

HOLD UP!

HOLD UP!

Isn’t that what NDN DNS (NDNS) [Afanasyev, 2013] does?

HOLD UP!

Isn’t that what NDN DNS (NDNS) [Afanasyev, 2013] does? ...or even CCN Key Resolution Service (CCN-KRS) [Mahadevan, 2014]?

HOLD UP!

Isn’t that what NDN DNS (NDNS) [Afanasyev, 2013] does? ...or even CCN Key Resolution Service (CCN-KRS) [Mahadevan, 2014]?

JAIN!

HOLD UP!

Isn’t that what NDN DNS (NDNS) [Afanasyev, 2013] does? ...or even CCN Key Resolution Service (CCN-KRS) [Mahadevan, 2014]?

JAIN!

YES. Technical aspects:

• Self-certifying names
• Trusted third parties (TTP)
• ...

HOLD UP!

Isn’t that what NDN DNS (NDNS) [Afanasyev, 2013] does? ...or even CCN Key Resolution Service (CCN-KRS) [Mahadevan, 2014]?

JAIN!

YES. Technical aspects:

• Self-certifying names
• Trusted third parties (TTP)
• ...

NO. Non-technical aspects:

• Trademarks
• Legal disputes
• ...

* Graphics licensed under CC-BY 4.0 – Twiter, Inc and other contributors

Internet Phone Book

* Graphics licensed under CC-BY 4.0 – Twiter, Inc and other contributors

Internet Phone Book How entries are entered and read from phonebook. IETF for DNS

* Graphics licensed under CC-BY 4.0 – Twiter, Inc and other contributors

Internet Phone Book How entries are entered and read from phonebook. IETF for DNS How to decide what names should be entered in the phonebook. ICANN for DNS

* Graphics licensed under CC-BY 4.0 – Twiter, Inc and other contributors

Internet Phone Book How entries are entered and read from phonebook. IETF for DNS How to decide what names should be entered in the phonebook. ICANN for DNS Ofen contentious...

* Graphics licensed under CC-BY 4.0 – Twiter, Inc and other contributors

But, why did we wind up needing this (for DNS)? Internet Phone Book How entries are entered and read from phonebook. IETF for DNS How to decide what names should be entered in the phonebook. ICANN for DNS Ofen contentious...

But, why did we wind up needing this for (global) naming?

1998: ICANN Green/White Paper 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 RFC 1296 ISC 1983: RFC 882 year domain names (#)

5 / 11

1998: ICANN Green/White Paper 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 year domain names (#)

5 / 11

1998: ICANN Green/White Paper 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom year domain names (#)

5 / 11

1998: ICANN Green/White Paper 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom 1994: RFC 1591 “It is up to the requestor to be sure he is not violating anyone else’s Trademark.” year domain names (#)

5 / 11

1998: ICANN Green/White Paper 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom year domain names (#) 1996: First court ruling in Germany Domain names are comparable to “telephone numbers, bank routing numbers or postal codes.”

5 / 11

1998: ICANN Green/White Paper 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom 1997: Initiating DNS Privatization year domain names (#)

5 / 11

1998: ICANN Green/White Paper 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom 1997: Initiating DNS Privatization 1997: Court ruling in Germany Domain names indicate origin and can be related to natural and legal persons. year domain names (#)

5 / 11

1998: ICANN Green/White Paper 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom 1997: Initiating DNS Privatization year domain names (#)

5 / 11

1998: ICANN Green/White Paper 1999: UDRP Launch 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom 1997: Initiating DNS Privatization year domain names (#)

5 / 11

1998: ICANN Green/White Paper 1999: UDRP Launch 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 1000 2000 3000 4000 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom 1997: Initiating DNS Privatization year domain names (#) dispute cases before WIPO (#)

5 / 11

1998: ICANN Green/White Paper 1999: UDRP Launch 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 1000 2000 3000 4000 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom 1997: Initiating DNS Privatization year domain names (#) dispute cases before WIPO (#) 2003: RFC 3467 “Increasing commercialization of the Internet, and visibility of domain names that are assumed to match names of companies or products, has turned the DNS and DNS names into a trademark batleground.”

5 / 11

1998: ICANN Green/White Paper 1999: UDRP Launch 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 1000 2000 3000 4000 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom 1997: Initiating DNS Privatization year domain names (#) dispute cases before WIPO (#) 2006: RFC 4367 “[...] there has been a strong demand to acquire names that have significance to people, through equivalence to registered trademarks, company names, types of services, and so on. There is a danger in this trend [...]”

5 / 11

1998: ICANN Green/White Paper 1999: UDRP Launch 1985 1990 1995 2000 2005 2010 2015 2020 103 104 105 106 107 108 109 1010 1000 2000 3000 4000 RFC 1296 ISC 1983: RFC 882 1987: RFC 1034 .com boom 1997: Initiating DNS Privatization year domain names (#) dispute cases before WIPO (#)

Lessons learnt:

• 1. Names are not just labels used to identify things,

they require policy and context.

• 2. If ICN is to experience its own boom, holistic

namespace management is required.

5 / 11

Agenda

Introduction Namespace Management in ICN NDNSSEC: NDN + DNSSEC Conclusion and Research Roadmap

6 / 11

Agenda

Introduction Namespace Management in ICN NDNSSEC: NDN + DNSSEC Conclusion and Research Roadmap

6 / 11

Namespace Management Concept

Generic ICN

ICN Namespace N

Namespace Management Concept

Generic ICN

ICN Namespace N Zone Zi ∈ Z Divided Into Zones

Namespace Management Concept

Generic ICN

ICN Namespace N Zone Zi ∈ Z Divided Into Zones Zone Owner manages Producers authorizes

Namespace Management Concept

Generic ICN

ICN Namespace N Zone Zi ∈ Z Divided Into Zones Zone Owner manages Producers authorizes provision under

7 / 11

Agenda

Introduction Namespace Management in ICN NDNSSEC: NDN + DNSSEC Conclusion and Research Roadmap

8 / 11

NDNSSEC

DNS Zone Space . com.

• rg.

ietf.org. tools.ietf.org.

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ...

Excerpt of DNS zone records

NDNSSEC: DNS Zone Appropriation for NDN

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ...

Excerpt of DNS zone records

NDNSSEC: Producer Authorization

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ...

Excerpt of DNS zone records Producer Zone Owner

NDNSSEC: Producer Authorization

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ...

Excerpt of DNS zone records Producer Zone Owner provides credentials

NDNSSEC: Producer Authorization

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ... tools.ietf.org 1800 IN DNSKEY XXX X X ...

Excerpt of DNS zone records Producer Zone Owner provides credentials enlists credentials

NDNSSEC: Data Publishing

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ... tools.ietf.org 1800 IN DNSKEY XXX X X ...

Excerpt of DNS zone records

/html/rfc882 Meta Info Content

Data Packet Producer

NDNSSEC: Data Publishing

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ... tools.ietf.org 1800 IN DNSKEY XXX X X ...

Excerpt of DNS zone records

/org/ietf/tools/html/rfc882 Meta Info Content

Data Packet Producer prefix w/ zone apex

NDNSSEC: Data Publishing

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ... tools.ietf.org 1800 IN DNSKEY XXX X X ...

Excerpt of DNS zone records

/org/ietf/tools/html/rfc882 Meta Info Content Signature

Data Packet Producer prefix w/ zone apex sign

NDNSSEC: Data Publishing

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ... tools.ietf.org 1800 IN DNSKEY XXX X X ...

Excerpt of DNS zone records

/org/ietf/tools/html/rfc882 Meta Info Content Signature

Data Packet Producer prefix w/ zone apex sign register

• n NDN

NDNSSEC: Producer Authentication

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ... tools.ietf.org 1800 IN DNSKEY XXX X X ...

Excerpt of DNS zone records

/org/ietf/tools/html/rfc882 Meta Info Content Signature

Data Packet Consumer

NDNSSEC: Producer Authentication

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ... tools.ietf.org 1800 IN DNSKEY XXX X X ...

Excerpt of DNS zone records

/org/ietf/tools/html/rfc882 Meta Info Content Signature

Data Packet Consumer retrieves

NDNSSEC: Producer Authentication

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ... tools.ietf.org 1800 IN DNSKEY XXX X X ...

Excerpt of DNS zone records

/org/ietf/tools/html/rfc882 Meta Info Content Signature

Data Packet Consumer retrieves fetches credentials

NDNSSEC: Producer Authentication

ndnified DNS Zone Space / /com /org /org/ietf /org/ietf/tools

tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ... tools.ietf.org 1800 IN DNSKEY 256 3 6 ... tools.ietf.org 1800 IN DNSKEY 257 3 7 ... tools.ietf.org 1800 IN DNSKEY XXX X X ...

Excerpt of DNS zone records

/org/ietf/tools/html/rfc882 Meta Info Content Signature

Data Packet Consumer retrieves fetches credentials verifies signature

9 / 11

Conclusion and Research Roadmap Multi-stakeholder scenarios require namespace management.

10 / 11

Conclusion and Research Roadmap Multi-stakeholder scenarios require namespace management.

Where we are ✔ Ecosystem to globally manage and secure names (based on DNS)

10 / 11

Conclusion and Research Roadmap Multi-stakeholder scenarios require namespace management.

Where we are ✔ Ecosystem to globally manage and secure names (based on DNS) ✔ Prototype to synergize with NDN

10 / 11

Conclusion and Research Roadmap Multi-stakeholder scenarios require namespace management.

Where we are ✔ Ecosystem to globally manage and secure names (based on DNS) ✔ Prototype to synergize with NDN

10 / 11

Conclusion and Research Roadmap Multi-stakeholder scenarios require namespace management.

Where we are ✔ Ecosystem to globally manage and secure names (based on DNS) ✔ Prototype to synergize with NDN Where we want to be ➜ DNS data w/o DNS transport

10 / 11

Conclusion and Research Roadmap Multi-stakeholder scenarios require namespace management.

Where we are ✔ Ecosystem to globally manage and secure names (based on DNS) ✔ Prototype to synergize with NDN Where we want to be ➜ DNS data w/o DNS transport ➜ Evaluate performance and feasibility (synchronization disparities, etc.)

10 / 11

Thanks! It’s time for

Qestions, Comments, and Criticisms.

11 / 11