[messaging] GNU Name System

Trevor Perrin trevp at trevp.net
Mon Oct 6 02:08:57 PDT 2014

On Sun, Oct 5, 2014 at 2:01 PM, D. J. Bernstein <djb at cr.yp.to> wrote:
> Am I the only one who's bothered by all the effort to build naming/PKI
> systems that put, e.g., VeriSign and Google and anyone who compromises
> them in control of all communications between Alice and Bob?

If you're referring to centralized or provider-based key directories,
I see those as more about "opportunistic encryption".  Users could
still opt for end-to-end authentication (enabling TOFU warnings,
checking fingerprints, registering with transparency monitors, etc).

> What I'd like from a naming system is something better, namely maximum
> security. This concept is explained in, e.g.,
>    https://groups.google.com/forum/#!original/talk.politics.crypto/bC-4Kt3nUVM/AIOgqVlWoCoJ

Nice, I hadn't seen such a clear early statement of the "passing keys
alongside names" argument (since then: SFS [1], YURLs [2], S-Links
[3], DNSCurve [4], Tor Hidden Services, etc).

Making it easy for people to pass public keys or fingerprints is a
challenge.  We could try to optimize text representations, use QR
codes or NFC, use Namecoin-like names, and so on.  GNS looks like
another alternative.

> The reason I'm writing now is that I
> think most people here haven't yet heard of the GNU Name System, a
> _usable_ maximum-security decentralized naming system:
>    https://gnunet.org/sites/default/files/paper_cans2014_camera_ready.pdf

So GNS allows you to assign keys "petnames" scoped under your key -
roughly you sign the other key and its petname with your key.  Then
you lightly encrypt it ("query privacy") and publish it to a DHT,
using a symmetric key based on your public key and the petname itself.

So you can tell someone Alice's key by telling them your name for it
("carol").  If they know your public key, they can use it to lookup
your "carol".  Comments:

 * "Scoped" names seem sort of confusing and less useful than global
names.  I.e. "carol" isn't the global name of Alice's key, it's only
my name for Alice's key, so it's only useful if you already know my
key and understand this concept.

 * "Query privacy" doesn't seem enough to prevent harvesting a lot of
the social graph.  I.e. if you know my public key and are willing to
do thousands of DHT lookups, you'll probably find a lot of my
petnames.  And if there's no DHT, storing all the entries in one place
will enable offline cracking.


[1] http://en.wikipedia.org/wiki/Self-certifying_File_System
[2] http://www.waterken.com/dev/YURL/Definition/
[3] http://www.secure-links.org/
[4] http://dnscurve.org/

More information about the Messaging mailing list