C3Subtitles: 30C3: The GNU Name System

The GNU Name System

A Decentralized PKI For Social Movements

Video duration: 00:51:58
Language: English
Abstract
DNS, DNSSEC and the X.509 CA system leak private information about users to server operators and fail to provide adequate security against modern adversaries. The fully decentralized GNU Name System provides a privacy-enhancing and censorship-resistant alternative.

The Domain Name System (DNS) is vital for access to information on the Web. It is thus a target for attackers trying to suppress free access to information. This talk introduces the design and implementation of the GNU Name System (GNS), a fully decentralized and censorship-resistant name system. GNS provides a privacy-enhancing alternative to DNS and existing public key infrastructures (such as X.509 certificate authorities), while giving users the desirable property of memorable names. The design of GNS incorporates the possibility of integration and coexistence with DNS.

GNS builds on ideas from the Simple Distributed Security Infrastructure (SDSI), addressing a central issue with the decentralized mapping of secure identifiers to memorable names: namely the impossibility of providing a global, secure and memorable mapping without a trusted authority, also known as Zooko's triangle. GNS uses the transitivity in the SDSI design to replace the trusted root with secure delegation of authority, thus making petnames useful to other users while operating under the strong adversary model assumed by Zooko.

In addition to describing the GNS design, this talk also discusses some of the mechanisms that are needed to smoothly integrate GNS with existing processes and procedures in Web browsers. Specifically, we show how GNS is able to transparently support many assumptions that the existing HTTP(S) infrastructure makes about globally unique names.

Talk ID: 5212
Event: 30C3
Day: 1
Room: Saal 6
Start: 9:45 p.m.
Duration: 01:00:00
Track: Security & Safety
Type of: lecture
Speaker: grothoff