X-Powered-By: PHP/4.4.4-8 Content-type: text/html MJ O'Donnell, Citizen, Network Handles [CS Dept., U Chicago]

Michael J. O'Donnell (Mike)

The Citizen

A Proposal to Separate Internet Handles from Names

Updates regarding PKI

After I wrote the CACM article and the Internet Draft, I realized that the main use of cryptographically self-signed handles in the DNS system is more likely to be public key sharing, rather than establishment of permanent handles. Illness disrupted my writeup, so it is only in the form of slides for a class. I would welcome any co-author who could help me get the revised ideas into print. Here is a brief description, with a pointer to the class slides:

Minimalist Public Key Infrastructure
Many proposals for public key infrastructure try to solve real authentication problems, by associating keys with supposedly reliable identities, using chains or webs of trust. This seems to violate a key principle of infrastructure design: don't solve high-level problems, just provide tools. I propose to apply ideas from specialized areas of security to provide a minimalist PKI, providing an identity relation, but no identities as objects. Trust may be constructed in many different ways, at varying costs, depending on its importance in a particular application. Pages 187-215 of the slides with notes for the Internet course treat this topic (slides numbered 131-150: the notes increase the numbers in some viewers, but not in others).

The following proposal has most or all of the functionality desired for a minimalist PKI. But, it presents the value of such an infrastructure to provide permanent network handles, even if no authentication nor encryption is needed between two communicating parties.

Proposal Summary

The Internet community has suffered from recent conflict over Top-Level Domains (TLD) in the Internet's Domain Name System (DNS), and the Internet Corporation for Assigned Names and Numbers' (ICANN) administration of them. The intensity of this conflict is partly due to the inflated value of domain names, particularly at the top and second levels. That inflated value derives partly from the historical conflation of two logically separate functions into the DNS:

  1. translation of handles for services available on the Internet into Internet Protocol (IP) numbers for routing purposes, and

  2. directory lookup (DL) of somewhat mnemonic and guessable names for services.

Most of the commercial value of domain names derives from their suitability as names in the DL function. But, domain names are actually used mostly as handles. DNS is currently the sole provider of handles for the Internet, while Google, Yahoo, and other independent agencies compete to provide useful DL services for a variety of types of names, some assigned and some derived from Web content. Those who only desire handles are forced to compete with powerful corporations who covet domain names for their value in DL services.

I propose to deflate the value of domain names by providing numerical and non-mnemonic handles through an independent service, separate from DNS and all other DLs. The new service will provide handles promiscuously to all who ask for them, either free of charge or for a tiny administrative fee to cover costs. With this new service, DNS will compete separately for its value as a handle resolution service and as a DL name resolution service. I expect that, in the new regime, DNS domains will have a very low commercial as well as technical value, and will eventually be completely superseded. But I do not propose to attack the use of DNS by any means other than attractive competition.

Without the market inefficiency due to bundling of handles with names in DNS, I expect ICANN's administration of DNS to provoke much less conflict, because its potential for unintended harm will be much less.

Documents and Discussion

Valid HTML 4.0!

Last modified: Thu Sep 3 20:20:06 CDT 2009