New size of the value field

[sugarpuff]

As namecoin seems more a "public index" than a "distributed storage"
What about, instead of storing the GPG key in the blockchain, storing a GPG_key_server_name.bit instead, hosting the keys with the same id/ ?
9k is too much I think, 1k is maybe enouth to store any "reference" to a data but not the data itself ?

why? So far I have not yet heard one single good argument against the 9k.

Mr. GiToo may be correct.

I hope everyone here, like me, wants Namecoin to supersede DNS, in addition to providing other features such as Identities, key GPG key distribution, etc.

There will be 10 billion people on this planet in only a generation or two. If Namecoin is to power the internet for that future planet (or even today's), 9k is too much. Even 4k is too much.

How many websites are there? 625 million as of November 2012, possibly growing exponentially?

How many identities will there be? Several billion. About one for every person.

Let's say that combined, in 2020 there will be 20 billion entries in the blockchain (a very conservative estimate), for domains, identities, and whatever else people put there. If the average entry is 1KB in size, then that's a cool 20TB that has to be distributed. By that time, 20TB will be easily doable, but this is a conservative estimate, and it assumes that no data is ever repeated in the blockchain.

Is data repeated? I'm not familiar enough with NMC to know, but if it is, that's 20TB time some constant. Does that seem reasonable to you, especially if it's not necessary?

Storing fingerprints of keys, along with an optional field that says where the key can be found, achieves the same exact end-result, but would significantly reduce the size of the NMC blockchain. I personally see no reason to store the key itself, so I'll throw in my objection.

[biolizard89]

As namecoin seems more a "public index" than a "distributed storage"
What about, instead of storing the GPG key in the blockchain, storing a GPG_key_server_name.bit instead, hosting the keys with the same id/ ?
9k is too much I think, 1k is maybe enouth to store any "reference" to a data but not the data itself ?

why? So far I have not yet heard one single good argument against the 9k.

Mr. GiToo may be correct.

I hope everyone here, like me, wants Namecoin to supersede DNS, in addition to providing other features such as Identities, key GPG key distribution, etc.

There will be 10 billion people on this planet in only a generation or two. If Namecoin is to power the internet for that future planet (or even today's), 9k is too much. Even 4k is too much.

How many websites are there? 625 million as of November 2012, possibly growing exponentially?

I'm assuming at least 1 website per person, because 2 major factors in the number being so low now are (1) high price of domains, and (2) centralization of the Internet, both of which Namecoin aims to decrease. So let's say 10 billion.

How many identities will there be? Several billion. About one for every person.

A lot of people have multiple aliases, and this will increase when people realize that privacy is important. So let's say 30 billion.

Let's say that combined, in 2020 there will be 20 billion entries in the blockchain (a very conservative estimate), for domains, identities, and whatever else people put there. If the average entry is 1KB in size, then that's a cool 20TB that has to be distributed.

Thing is, there's nothing stopping people from inserting larger data using the "import" field. And the proposal to increase the size of the field is such that using "import" is cheaper than using larger name values. The correct way to stop blockchain size spiking (in my opinion) is to have the fee structure set up so that spamming the blockchain is more expensive.

By that time, 20TB will be easily doable, but this is a conservative estimate, and it assumes that no data is ever repeated in the blockchain.

It will be possible to build lite-clients with strong security. So not every user has to download the blockchain. However, this will impact privacy, so I would agree that users should be able to download the entire blockchain if possible, or at least download an entire namespace.

Is data repeated? I'm not familiar enough with NMC to know, but if it is, that's 20TB time some constant. Does that seem reasonable to you, especially if it's not necessary?

Right now, revising data introduces a duplicate in the blockchain, and expired names are not removed from the blockchain. This should be changed ASAP. Once this is changed, the blockchain will not contain repeated data.

Storing fingerprints of keys, along with an optional field that says where the key can be found, achieves the same exact end-result, but would significantly reduce the size of the NMC blockchain. I personally see no reason to store the key itself, so I'll throw in my objection.

I think I agree that storing a hash of a key is reasonable. Implementation will be slightly more complex, but only slightly. Inserting a call to wget isn't really a big deal when writing this software. If it reduces blockchain size, I'm fine with storing a hash of a key.

[sugarpuff]

It will be possible to build lite-clients with strong security. So not every user has to download the blockchain. However, this will impact privacy, so I would agree that users should be able to download the entire blockchain if possible, or at least download an entire namespace.

Can you elaborate on how it would impact privacy?

Do any lite clients exist today for Namecoin?

Do any clients offer the ability to download just one namespace?

[biolizard89]

It will be possible to build lite-clients with strong security. So not every user has to download the blockchain. However, this will impact privacy, so I would agree that users should be able to download the entire blockchain if possible, or at least download an entire namespace.

Can you elaborate on how it would impact privacy?

Do any lite clients exist today for Namecoin?

Do any clients offer the ability to download just one namespace?

Basically, if you possess the entire blockchain, no one can tell which names you're looking up. With a lite client, the nodes from whom you request data will know which names you're looking up. It would be possible to ask for more data than you really need, e.g. downloading all current names in an entire namespace, which would restore a lot of your privacy.

There are no such clients right now. My understanding is that most of this work is being done by the Bitcoin devs, and will be merged into Namecoin when it's mature.

[sugarpuff]

Basically, if you possess the entire blockchain, no one can tell which names you're looking up. With a lite client, the nodes from whom you request data will know which names you're looking up. It would be possible to ask for more data than you really need, e.g. downloading all current names in an entire namespace, which would restore a lot of your privacy.

Mmm.. I see. Well, you can also pick trustworthy folks to ask, and speak in tongue to them. This needs to be supported by NMC DNS servers. Something I hope to post more about soon.

There are no such clients right now. My understanding is that most of this work is being done by the Bitcoin devs, and will be merged into Namecoin when it's mature.

Roger.

I think it's more important to focus on the DNS servers than on lite clients. I don't think it's necessary for most people to have any part of the block chain on them (except their private keys for ownership proof & control). We should be able to rely on the connection to NMCDNS servers for everything else.

[biolizard89]

Basically, if you possess the entire blockchain, no one can tell which names you're looking up. With a lite client, the nodes from whom you request data will know which names you're looking up. It would be possible to ask for more data than you really need, e.g. downloading all current names in an entire namespace, which would restore a lot of your privacy.

Mmm.. I see. Well, you can also pick trustworthy folks to ask, and speak in tongue to them. This needs to be supported by NMC DNS servers. Something I hope to post more about soon.

There are no such clients right now. My understanding is that most of this work is being done by the Bitcoin devs, and will be merged into Namecoin when it's mature.

Roger.

I think it's more important to focus on the DNS servers than on lite clients. I don't think it's necessary for most people to have any part of the block chain on them (except their private keys for ownership proof & control). We should be able to rely on the connection to NMCDNS servers for everything else.

The DNS protocol is inherently insecure for Namecoin purposes. Using secure lite clients would be a much better option, as you would be certain that names are authentic.

[sugarpuff]

The DNS protocol is inherently insecure for Namecoin purposes. Using secure lite clients would be a much better option, as you would be certain that names are authentic.

Yes, as is, it's insecure, but I'm not referring to using it as-is, just referring to the need for DNSNMC servers and their potential usefulness. It would be easy to secure it, just auth the DNS server's response via a pinned cert (ala your Convergence model), and the problem is effectively solved, plus no need for lite clients (for most people, you could of course run your own for greater security).

[biolizard89]

The DNS protocol is inherently insecure for Namecoin purposes. Using secure lite clients would be a much better option, as you would be certain that names are authentic.

Yes, as is, it's insecure, but I'm not referring to using it as-is, just referring to the need for DNSNMC servers and their potential usefulness. It would be easy to secure it, just auth the DNS server's response via a pinned cert (ala your Convergence model), and the problem is effectively solved, plus no need for lite clients (for most people, you could of course run your own for greater security).

With Convergence, the pinned cert is trusted because it's generated on your own computer. You can't do that for a third-party DNS server....

[sugarpuff]

With Convergence, the pinned cert is trusted because it's generated on your own computer. You can't do that for a third-party DNS server....

Huh? Convergence has "notaries" that you must trust. These are effectively "third-party DNS servers", are they not?

[biolizard89]

With Convergence, the pinned cert is trusted because it's generated on your own computer. You can't do that for a third-party DNS server....

Huh? Convergence has "notaries" that you must trust. These are effectively "third-party DNS servers", are they not?

Convergence for Namecoin does not use notaries; it uses nmcontrol as its verification source for .bit domains. Upstream Convergence uses a locally generated CA cert to make verified certs appear legitimate to Firefox; Convergence for Namecoin uses this code to make nmcontrol-verified certs work in Firefox without showing warnings. Trusting notaries is not involved in using Convergence for Namecoin, and I would not endorse any security model which requires doing so.