05 Dec 2010
I am looking at the web page of the P2P “Open NIC” project: http://wiki.opennicproject.org/dotP2PTLD.
They intend to create a DNS registry for P2P names. I am sure that they are
well intentioned, but I can’t help thinking that there is a contradiction between
the goal of “independence from authority” and the means of “let’s create a
virtuous central registry.” The central registry is a single point of failure, interference
by governments being one of many failure modes.
In a true P2P system, we want participants to be able to
create names “at will.” But there is a problem. What if two participants decide
to register the same name? How do we decide who gets to use that name? How do
we even know that two parties are trying to use the same name?
We could of course try to use the name system itself to “resolve
the collisions.” A participant chooses a name, but before using it checks
whether that name is already in use. That is certainly good practice, but it is
not failure proof. For example, two participants could create the same name at
the same time, and not find out until later. A partial failure of the system at
the time of the check would also prevent the participant from finding out that the
name already exists.
In PNRP, we only solved that problem by allowing multiple
nodes to publish the same name. We introduced the concept of a “name instance,”
i.e. a combination of a name and an instance number. There can be multiple
nodes publishing the same name, but each name and instance number pair is
unique. Our initial idea was to use IPv6 addresses as the instance number, which
guarantees that the instances are unique.
Of course, instance numbers are not sufficient to guarantee
that there is only one “owner” for a name. We only solved that in PNRP for the “secure”
names, derived from a public key. Only the owner of the public key, or a node
authorized by that owner, can publish the name. In PNRP, we tied names to keys
by making the name a hash of the key. These names are thus very large random
numbers, so large that having a collision is extremely unlikely. But it also
limits their use to specific applications.
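The two ideas above, name instances and key-derived "secure" names, can be sketched together. This is an added example, not PNRP code: the "key:" prefix, the record layout, the `publish` function and the sample addresses are assumptions made for illustration, and a Lamport one-time signature built on SHA-256 stands in for whatever signature scheme a real system would use.

```python
import hashlib, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signature: stdlib-only stand-in; one key signs ONE record.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    pk = [[H(x) for x in row] for row in sk]
    return sk, pk

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[b][i] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[b][i] for i, (b, s) in enumerate(zip(_bits(msg), sig)))

def secure_name(pk) -> str:
    """The name is a hash of the public key, so nobody gets to choose it."""
    return "key:" + H(b"".join(b"".join(row) for row in pk)).hex()

def publish(table: dict, name: str, instance: str, pk=None, sig=None) -> bool:
    """Accept a (name, instance) record; return False if it is rejected."""
    if (name, instance) in table:
        return False                       # each name instance must be unique
    if name.startswith("key:"):            # assumed marker for secure names
        msg = f"{name}|{instance}".encode()
        if pk is None or sig is None or name != secure_name(pk) \
                or not verify(pk, msg, sig):
            return False                   # wrong key, or no proof of ownership
    table[(name, instance)] = pk
    return True

if __name__ == "__main__":
    table = {}                             # constructed sample data below
    print(publish(table, "printer", "2001:db8::1"))   # plain name, instance 1
    print(publish(table, "printer", "2001:db8::2"))   # same name, new instance
    sk, pk = keygen()
    name = secure_name(pk)
    sig = sign(sk, f"{name}|2001:db8::3".encode())
    print(publish(table, name, "2001:db8::9", pk, sig))  # sig covers other instance
    print(publish(table, name, "2001:db8::3", pk, sig))  # owner's record accepted
```

Any node can run the same checks locally, which is why the secure names need no registry; the cost is that the name is an opaque 256-bit value rather than something a person would pick.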
I am pretty sure that we could rework the “secure
name” idea to work in a P2P DNS environment. The big question is, can we do
that without maintaining a central registry?