Transitioning the web to Namecoin by addressing name-squatters (dot-bit.org)
57 points by itistoday2 on Dec 22, 2013 | 58 comments

Here's a crazy notion: maybe the squatters don't matter?

DNS isn't going away anytime soon; maybe not ever. Dot-bit domains can exist alongside the old domain system, competing by being cheaper, resistant to censorship, more flexible, etc.

Can't get mycooldomain.bit? No problem, grab mycoolerdomain.bit, or go old-school with mycooldomain.com. Apple can't get apple.bit? No biggie, they've still got the .com, and if they want the .bit bad enough, they'll pony up the cash. (It would also greatly help if a way to make purchase offers was baked into NameCoin itself.)

The posted idea is an interesting one, and it's worth considering, but from where I sit, the significant roadblock to adoption is implementation in browsers and/or operating systems.

This is a great proposal. DNS is probably the internet's biggest weakness and making it decentralized should be a top priority.

I haven't adopted Namecoin yet, but I still will when this is implemented.

I don't really see why DNS shouldn't just be a personal address book of names -> IPs plus pointers to address books of other people you trust.

I don't think it's such a big deal to have names that aren't agreed by everyone across the world.

Because it's really convenient to communicate them to people in contexts where they can't just click a link. Perhaps telling someone a URL in conversation, or on a billboard or magazine.

I think you just reinvented the "hosts" file there.

You should look into GNS, GNUNet's DNS alternative.

Is there any way to enforce a use requirement?

One idea would be to have an agent[0] with its own Bitcoin wallet purchase server time that it uses to index the web and compute a uniqueness factor of each page. The agent then calculates a tax based off a blended index of the website's size and uniqueness. Because squatters don't have the resources to make all of their sites unique they will get taxed hard. Big websites like Facebook and Twitter are unique but they are also large, so they could be levied a larger amount to support the agent which will presumably require a lot of server power. Small, unique sites would barely get taxed at all.

Just an idea.

[0] https://en.bitcoin.it/wiki/Agents

You seem to have forgotten that there are many legitimate uses for domain names that do not involve using them to run websites. How do you propose to index a domain that gets used only for (say) mail, or only for CDN provisioning, or only for reserving namespace for a public API?

Ahh yes, good point. Could the agent learn how to recognise each of these use cases and tax accordingly? Or could people learn to put up a unique website for any domain they use, or risk being taxed?

Doesn't much help when people squat pepsi.com. It's already got a unique website, which just doesn't happen to belong to the squatter.

That's right, but I don't think opportunistic squatters are that big a deal. The problem is people who own portfolios of names that don't get used, and there's no way these players can put unique pages up for an entire portfolio. Killing portfolio squatters is possible... not sure there's any feasible way to hit the long tail though.

This is too late since all the domains are squatted and there is little to no incentive for those squatting these domains; and these domains have been available to apple, etc for as long as anyone else.

Unless they are just going to reset the blockchain, then I don't really see how this type of "rule" will be implemented or supported by the namecoin hash power.

There might be more support for

- A .bit pool bounty to companies that become early adopters of .bit

- A .bit pool bounty to companies if some number of major DNS servers support the .bit domain directly

- A sort of 'eminent domain' reward to the 'squatters' in a way that relates the "price" (paid in namecoin or bitcoin, probably) to the (alexa, or other) ranking of the domain with a time table for these companies to purchase.

You seem to have not understood the proposal.

The proposal is about introducing new namespaces that map today's DNS into namespaces that can be looked up in the Namecoin blockchain.

.bit domains are stored in the "d" namespace. These would go into others (that don't exist yet) based on their extension.

Oh; you are right I obviously missed the crux of the proposal.

However, I still think the proposal is flawed but for a different reason.

How do you determine who owns the .com domain? When a domain is seized by the government does the com/piratebay domain respect the blockchain or the centralized DNS now updated signature? If it's the latter.. what's the point of using the blockchain version at all?

Good point. The entire value of NMC blockchain is to remove reliance on the current DNS system which this would kind of nullify.

Another related topic is that a judge's ruling is meaningless in regards to NMC, so for example, if someone were to steal google.com by stealing the private key, google.com would have no recourse besides paying a ransom. They cannot get a judge to force the address to be given back. Their domain name would be hijacked forever. In the case of bitcoin, it's great that you can't revert a transaction. In the case of domains on NMC blockchain, I'm not so sure.

> How do you determine who owns the .com domain? When a domain is seized by the government does the com/piratebay domain respect the blockchain or the centralized DNS now updated signature? If it's the latter.. what's the point of using the blockchain version at all?

Expiry dates would be set to match those from today's DNS entries, so that addresses new owners.

As far as domain-seizures go, first it should be emphasized that this issue affects probably less than 1% of 1% of internet domains. However, to answer the question: if the domain was stolen from its owners prior to the expiry date, I personally see no reason to change the entry contents in the blockchain to match that of the stolen property. They can wait for it to expire and then register it like everyone else. :-p

Meanwhile, I doubt the piratebay would be using the .com (and we know that they can't today). They'd be using the .bit (or whatever else), because they'd be protected from such theft. ^_^

I like that they're addressing this issue and think this is a good way to do it. My only concern is a semantic one: currently "d/" is the prefix for domains, "a/" for alias information (basically a global address book), etc... It doesn't make sense to create another prefix for domains (actually, many more prefixes for domains, since I imagine this won't just apply to com). I think instead they should consider something like "d/com/*" or something along those lines. It keeps DNS information all under the same prefix, and still conveys that the information is for the "legacy" com tld.

It's all fairly preliminary at the moment, and I imagine it will be worked over for weeks by the great minds that keep namecoin running.

You should set up an account on the dot-bit.org forums and voice your opinion there. It is a good suggestion, and I'm sure you'll have others!

I also like mediocregopher's suggestion and second the call for folks to share their thoughts on the dot-bit.org forum. :)

I don't know exactly how Namecoin works, but I assume it's pretty similar to Bitcoin in that all clients must agree on which transactions are valid or invalid, otherwise they risk forking the blockchain and disagreeing on which transactions are included.

The problem I see with this proposal is each client needs to check the DNS record independently to ensure a transaction is valid. What happens if the DNS server happens to be unreachable or the owner accidentally or maliciously removes the signature in a DNS record after their transaction has been included in a block?

Or maybe I'm misunderstanding things and Namecoin works differently?

> What happens if the DNS server happens to be unreachable

This is not a problem with Namecoin, right? Traditional DNS has the exact same problem, namely general intolerance to failure.

I don't think you understood my concern. The problem is if a signature stored in a legacy DNS record is used to verify a "registration" of a Namecoin domain, every Namecoin client needs to see the exact same "view" of that record, otherwise some Namecoin clients will consider it valid and some will consider it invalid, forking the Namecoin blockchain.

You're right, I didn't pick up on that. Sorry.

Right. Mainly because everybody who runs a full namecoin node will have access to the equivalent of a root name server: http://en.wikipedia.org/wiki/Root_name_server

More like they will have access to the dot-bit TLD name servers.

It is possible to delegate stuff to DNS (and some DNSSEC patches were recently merged - see http://dot-bit.org/forum/viewtopic.php?f=5&t=1434&p=7718), but even if records are delegated to DNS namecoin doesn't know or care what's there.

Namecoin is essentially a key-value store. A .bit domain is a key under Namecoin's d/ namespace, and the value is some JSON data describing the domain, per this spec: http://dot-bit.org/Namespace:Domain_names_v2.0

Edit: Actually, to further clarify, Namecoin itself doesn't know/care about the semantics of what data is stored for a domain. The data is interpreted by applications that act as application layer bridges to other resolver protocols. Check out nmcontrol and NamecoinToBind for examples.

No you're right, it's Bitcoin with a few extra transaction types.

It seems like a pretty fundamental problem...Namecoin uses a system that enforces consistency, so you can't make it depend on a system that doesn't enforce consistency without breaking it.

> What happens if the DNS server happens to be unreachable or the owner accidentally or maliciously removes the signature in a DNS record after their transaction has been included in a block?

If enough clients saw the transaction I don't see what the problem is. The domain owner would also be running a client after all, and they'd have the private keys to prove that they own the transaction.

Once it makes it into the longest running blockchain with enough confirmations there's no reason to check the old DNS again (I don't think, unless I'm missing something). The next time the old DNS will need to be queried is when the domain expires. Maybe, by that point, no one will be relying on the previous system anymore. ;)

Let's say someone hacks a DNS server and adds the namecoin sig entry. They don't get it into root servers, but there's a population of namecoin users who see it. Hacker then issues a matching namecoin transaction registering that domain.

So now one population of namecoin nodes sees the hacked entry, accepts the transaction, and puts it in a block. Another population doesn't see it and rejects the transaction. The blockchain forks.

You might get by if the hacked DNS is seen by a minority of users. Then the chain without the disputed transaction will win anyway and all is well.

But suppose most DNS nodes have the hacked entry? Then the minority will refuse to accept the majority chain, since they can't validate it, and the fork persists. If that seems implausible, imagine a hacker watching for a new DNS namecoin entry, and making his hacked DNS server immediately remove it.

A few things would help a bit:

- Only accept namecoin registrations when the matching DNS entry is old enough to have propagated everywhere

- If the longest blockchain has old blocks that don't validate against DNS, keep checking. Hopefully the errant DNS servers will get fixed soon and that'll resolve the fork.

- If the disputed block gets old enough, just go ahead and accept it if it's in the longest chain. You're just trying to minimize squatting, and letting some skilled squatters through isn't the worst disaster.

But it's still kind of a mess because namecoin isn't just a naming system, it's also a currency. For as long as the fork persists, people can doublespend their coins. It'll be resolved but in the meantime maybe a merchant has shipped goods. You're essentially creating money that depends on the integrity of DNS for security.
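The split described in the comment above, as an added sketch that is not part of the thread and is not Namecoin code: each node validates the registration against its own DNS answer, and the model reports which nodes cannot follow the longest chain. Node names, hash-power shares, the `example.com` record and the `accept_after` depth are all constructed assumptions.

```python
# Added illustration, not Namecoin code. Node names, hash-power shares and
# DNS answers are constructed; the validation rule models the proposal.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Registration:
    domain: str       # legacy name being claimed on-chain
    claimed_key: str  # key the registrant says is published in DNS

@dataclass
class Node:
    name: str
    hashpower: int                                # percent of total mining power
    dns_view: dict = field(default_factory=dict)  # what this node's resolver returns

def dns_valid(node, reg):
    """Proposed rule: valid only if *this node's* DNS answer shows the key."""
    return node.dns_view.get(reg.domain) == reg.claimed_key

def longest_chain_has_tx(nodes, reg):
    """The branch containing the registration wins only with majority power."""
    accepting = sum(n.hashpower for n in nodes if dns_valid(n, reg))
    return accepting * 2 > sum(n.hashpower for n in nodes)

def stranded(nodes, reg, depth=0, accept_after=None):
    """Names of nodes that refuse the longest chain, i.e. a persistent fork.

    accept_after models the comment's third mitigation: once the block is
    buried that deep in the longest chain, accept it without re-checking DNS.
    """
    if not longest_chain_has_tx(nodes, reg):
        return []  # a chain without the tx is valid under every DNS view
    if accept_after is not None and depth >= accept_after:
        return []  # old enough: everyone converges on the longest chain
    return sorted(n.name for n in nodes if not dns_valid(n, reg))

def make_nodes(n_poisoned, total=5):
    """Constructed network: the first n_poisoned nodes see the injected record."""
    poisoned = {"example.com": "INJECTED_KEY"}
    return [Node(f"n{i}", 100 // total, dict(poisoned) if i <= n_poisoned else {})
            for i in range(1, total + 1)]

REG = Registration("example.com", "INJECTED_KEY")

if __name__ == "__main__":
    print("minority sees record:", stranded(make_nodes(1), REG))
    print("majority sees record:", stranded(make_nodes(4), REG))
    print("majority, buried 100 deep:",
          stranded(make_nodes(4), REG, depth=100, accept_after=100))
```

With the record visible to one node in five nobody is stranded; with it visible to four in five, the fifth node stays on its own branch until the age-based acceptance rule applies.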

As of right now, Namecoin doesn't look at data in DNS for validating transactions.

This proposal involved hard-forking Namecoin, and has a lot of inherent issues with it. Also note that this proposal is by "some guy on a Namecoin forum", and not anything official.

Yes, I was writing about the proposal the OP was about, not Namecoin as it exists today.

> Also note that this proposal is by "some guy on a Namecoin forum", and not anything official.

And note that Bitcoin was a proposal by "some guy with a fake name."

This was brought up in the forums, and here was the reply:

Yes, this needs to be addressed. The proposal can be kept as-is with the following modification/addition:

In order to prevent such attacks, it could be required that transactions need be confirmed across N "different networks", where "different networks" can be measured by some metric (IP2location, the first two octets of an IPv4 address, etc.). The value for N can be based as a percentage of the number of nodes running in the past 48 hours, or some other means.

Copied from here: http://dot-bit.org/forum/viewtopic.php?p=7746#p7746
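One way the "N different networks" rule quoted above could be counted, as an added sketch that is not part of the thread or the forum reply: peers are bucketed by the first two octets of their IPv4 address and a registration is accepted only when enough distinct buckets report the claimed key. The function names, the 5% figure, the treatment of conflicting buckets and the sample peers (documentation address ranges) are assumptions.

```python
# Added illustration, not Namecoin code. Peer addresses are constructed from
# documentation ranges; the function names and the 5% figure are assumptions.
import ipaddress

def network_bucket(ip):
    """The /16 holding an IPv4 address ("first two octets"); None if not IPv4."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    return ipaddress.ip_network(f"{addr}/16", strict=False)

def required_networks(active_nodes_48h, percent):
    """N as a percentage of recently active nodes, rounded up, at least 1."""
    return max(1, -(-active_nodes_48h * percent // 100))

def confirmed(reports, claimed_key, n_required):
    """reports: (peer_ip, key_the_peer_saw_in_dns) pairs.

    Returns (accepted, agreeing_networks). Peers are counted per /16, and a
    /16 with conflicting answers does not count as agreeing.
    """
    agree, disagree = set(), set()
    for ip, key in reports:
        bucket = network_bucket(ip)
        if bucket is None:
            continue  # unparseable or non-IPv4 peers carry no weight here
        (agree if key == claimed_key else disagree).add(bucket)
    clean = agree - disagree
    return len(clean) >= n_required, len(clean)

# Constructed sample: 40 peers inside one /16 plus two peers elsewhere.
REPORTS = [(f"192.0.2.{i}", "KEY_A") for i in range(1, 41)]
REPORTS += [("198.51.100.7", "KEY_A"), ("203.0.113.9", None), ("not-an-ip", "KEY_A")]

if __name__ == "__main__":
    n = required_networks(active_nodes_48h=60, percent=5)
    print("N =", n, "->", confirmed(REPORTS, "KEY_A", n))
```

The forty agreeing peers in one /16 count once, so 41 matching reports still fall short of N = 3.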

Hm. I suppose if each node connects to a large number of DNS servers scattered around the internet, that would help a lot.

Yes, that's one way, although I think it would be safer for the verification to be done by other peers (on the answers provided by other peers), as opposed to peers doing it themselves by connecting to many DNS servers. The reason being the possibility that the traffic on a network is controlled entirely by an adversary, and thus all outgoing connections to port 53 (via UDP) could get routed to the same IP, regardless of what the destination IP actually is.

Namecoin is one place where crypto-currencies get really interesting. I'm really excited to see what people can actually DO with blockchain technology, not just create a speculative financial instrument ;)

I think Ripple is another good idea. They are put down because I think they control their blockchain, but it really applies the blockchain technology. Maybe they are looking to be acquired, but I think it is useful.

Ripple doesn't actually use a blockchain, as I understand it. They use another consensus mechanism based on asking peers you trust for data.

I like Ripple's general idea but I'm not convinced they've actually come up with another solution to distributed consensus. So far they're sticking with a master list of trustworthy peers, which suggests they're not convinced either.

Bitcoin's colored coins might accomplish similar objectives though.

Can someone give me an idiot's guide to how namecoin works, and why we as consumers should care? I get that it's some sort of de-centralized name server protocol, that uses coins to fund/drive use, but who gets paid in this value vs who doesn't eludes me. Also if I want to register a domain on top of namecoin, how do I do that? Who can even see the domain later if the dns zones haven't been accepted by all the ISPs?

Namecoin is very early in its development. As a consumer, you probably shouldn't care. Yet.

But, as a software developer working in the systems management space, I care. And, as someone that has always been uncomfortable with the centralized control of the DNS system and the horribleness of most registrars, I care. Namecoin is one potential solution to the latter problem, and it's something that I need to have on my radar for the day when it may become relevant to the users of the software I work on.

To answer your specific questions:

Who gets paid in this value vs who doesn't? The miners who maintain the Namecoin network get paid. They validate and secure your transactions when registering domains. Right now, the cost to someone registering a domain with Namecoin is very low...a few cents to register a .bit domain. And, it is expected to remain low, as it is not an expensive network to maintain (relative to Bitcoin, for example; at least for the time being).

To register a domain with Namecoin, you install a Namecoin client, and make a transaction, as documented here: http://dot-bit.org/HowToRegisterAndConfigureBitDomains

You need a tiny amount of Namecoin to do this. It can be purchased with Bitcoin on many exchanges, or can be mined with Bitcoin ASIC mining equipment (it is merge-mined with Bitcoin, so it doesn't require resources to be diverted to mining Namecoin...but it also means it is not effectively mine-able with consumer hardware because a large percentage of the Bitcoin network is also working on Namecoin).

As for who can see the names? Anyone who has a DNS server that has .bit information. There are a few out there: http://dot-bit.org/How_To_Browse_Bit_Domains

But, it is mostly theoretical. There's little reason for clients to configure this, and until there are lots of clients, there's little reason to have a Namecoin based domain. But, maybe that'll change. I'm tinkering with it, and will likely launch some services around it before too long, as I think it's a really cool idea. And, while the implementation has had some hiccups, it's the best we've got...and the chain hard fork a couple weeks back (to fix some problems with name registration) was successful, so we're probably on a pretty solid footing now.

I, personally, find Namecoin to be one of the most interesting Bitcoin derivatives...it has a very clear purpose, and solves a problem that has been a minor thorn in every IT admin's side since the beginning of the Internet. It'll likely never see the kind of speculation that Bitcoin has seen, and that's probably a good thing. Domain names should be cheap, and responsibly used and managed by the Internet community as a whole.

I haven't seen this idea anywhere, but it'd be great if Namecoin hindered domain squatters.

One way you could hinder them is geometrically increasing cost of registering additional domains from existing accounts.


- Adam wants to set up his personal site. It costs him X to register.

- Bob wants to set up his personal site, and 3 hobby sites. It costs him X + 2X + 4X + 8X = 15X or (2^4 - 1)X.

- Carl the domain squatter wants to register 100 domains. It costs him (2^100 - 1)X. This could be defeated by changing Carl's business name, or other details, which creates extra hassles for him.

Edit: Didn't know that registering new accounts is near 0 effort. Guess that nixes this idea.

There is no way to stop people from having multiple accounts.

Couldn't you limit it based on credit card number, a corresponding phone number, a Facebook ID, verified address, etc.? Even if it doesn't fully limit it, it perhaps makes it harder.

No. That would defeat the entire user model, which is purposefully derived from Bitcoin's anonymity structure.

To be pedantic, BitCoin (and most other cryptocoins) are pseudonymous, not anonymous. But yes, one user can have multiple pseudonyms.

That would require trusted centralized verification.

Namecoin attempted to hinder domain squatters by charging less and less per domain over time; where the first domains cost a lot of namecoin, and now they are very cheap. The problem was only that the adoption was too slow for this to have had a big effect.

edit: the notion of "existing accounts" is broken here; "new accounts" are free/cheap and not related to identities.

imho that approach would have worked if they had implemented merged mining before implementing namecoin.

That's somewhat of a moronic statement considering the namecoin crew invented the idea of merged mining. But I digress...

I remember back when namecoin came out... they started the difficulty at 512 instead of 1 (bitcoin's initial difficulty) which made sense at the time, because GPUs were everywhere by then. But with namecoin being so new (and worthless) the difficulty soon dropped to the ~200 range, and anybody with a few GPUs could literally mine 1,000s of NMC per day.

Case in point, the 50 NMC they charged for the first domains was still much too cheap. One could theoretically mine with an average rig for 1 week and register a few hundred of the first domains available.

Not sure if NMC already does this, but why not auction the domains? Whoever "bids" the largest value owns the domain.

It does not currently do this. I'm not sure that the BTC protocol really has support for auctioning transactions.

It could though. My associate Jorge Timon and I have worked out a protocol by which this could occur without increasing the storage requirements of validation nodes. Applying the principles of Henry George's land tax, you could then charge a percentage fee based on the highest bid value.

But then again, for domains there's something to be said for first-come-first-serve protection.

Have you written up that protocol? Sounds pretty interesting.

I described it on the developer IRC channel. It'll get written up eventually. It's a simple application of this data structure:


With some new opcodes.

Doesn't do this currently, but there are proposals for exactly this type of bidding system on the forums, including in the comments of the linked thread.

I don't see a good explanation of how Namecoin works and how exactly it fixes DNS issues. (The biggest one is squatters. I would rank centralization as #2.) Is there a quality document free from marketing hype that describes that?

> I don't see a good explanation of how this works and how it fixes DNS issues.

How this particular proposal works was outlined in the thread. It assumes that the reader knows enough about how Namecoin and DNS work for it to be obvious how an implementation would be carried out.

Re: "how it fixes DNS issues", you might find this document interesting (about a Namecoin-based DNS system called DNSNMC):


This seems like a misguided effort to me. I'd prefer something that eliminates domain naming conventions entirely, but provides features along the lines of a certificate authority.
