Transitioning the web to Namecoin by addressing squatters

sugarpuff
Posts: 110
Joined: Tue Oct 22, 2013 10:17 pm

Transitioning the web to Namecoin by addressing squatters

Post by sugarpuff » Sun Dec 22, 2013 1:42 am

The only criticism of relevance that I have received (so far) from those reviewing DNSNMC is that people do not like domain squatters and therefore do not want to switch to a system where all the existing trademarked and copyrighted names have already been registered:
  1. https://www.reddit.com/r/netsec/comment ... te/ce45865
  2. http://lists.randombit.net/pipermail/cr ... 05959.html
  3. http://lists.randombit.net/pipermail/cr ... 05960.html
I think this is one of the main things that is holding Namecoin back from widespread adoption, and therefore we must address this issue.

Herein I propose a very simple method to address this problem:

namecoind must be modified to give existing TLDs special treatment in a way that paves the way for a smooth transition from today's DNS to a Namecoin-based DNS like DNSNMC.

New namespaces will be created for each of today's TLDs, and only the owners of those domains (in the deprecated, old DNS system) can register them. For example, only the owners of apple.com can register com/apple, etc. Proof of ownership is done by special NMC DNS records that contain the owner's cryptographic signature/fingerprint. When Namecoin clients receive a notification that someone wants to register a domain in the com namespace, they check the JSON request to verify that it was signed by the same signature that appears in the old DNS records. If they match, the registration request is accepted and added to their local blockchain. If it does not match, the request is discarded. Similarly, the namecoin client itself will perform this check locally before sending out the request to other peers (to provide instant feedback to users attempting to register something that doesn't belong to them).

Thoughts?

sugarpuff
Posts: 110
Joined: Tue Oct 22, 2013 10:17 pm

Re: Transitioning the web to Namecoin by addressing squatter

Post by sugarpuff » Sun Dec 22, 2013 4:47 am

Corresponding thread on Hacker News: https://news.ycombinator.com/item?id=6949014

indolering
Posts: 800
Joined: Sun Aug 18, 2013 8:26 pm
os: mac

Re: Transitioning the web to Namecoin by addressing squatter

Post by indolering » Sun Dec 22, 2013 5:29 am

The biggest thing we could do to get rid of squatters is to raise the base price to something above almost free. That would get rid of the vast majority of the squatters immediately.

The top 1K domains are locked out, aren't they? What if instead of locking out all existing domains we multiply the price based on Alexa's ranking? If someone can put in proof of ownership by publishing a DNS txt entry, the price drops to baseline.

I mean, if someone is hosting malware or spoofing an existing site, the browser should add it to its internal block list. I know that ICANN requires registrars to check names against a trademark database prior to registration and a process for trademark owners to take over domains. Maybe that's why there is nothing at apple.yt or gmail.sx, we would have to ask a professional domain name squatter to find out.
DNS is much more than a key->value datastore.

biolizard89
Posts: 1999
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Transitioning the web to Namecoin by addressing squatter

Post by biolizard89 » Sun Dec 22, 2013 5:33 am

sugarpuff wrote:The only criticism of relevance that I have received (so far) from those reviewing DNSNMC is that people do not like domain squatters and therefore do not want to switch to a system where all the existing trademarked and copyrighted names have already been registered:
  1. https://www.reddit.com/r/netsec/comment ... te/ce45865
  2. http://lists.randombit.net/pipermail/cr ... 05959.html
  3. http://lists.randombit.net/pipermail/cr ... 05960.html
I think this is one of the main things that is holding Namecoin back from widespread adoption, and therefore we must address this issue.

Herein I propose a very simple method to address this problem:

namecoind must be modified to give existing TLDs special treatment in a way that paves the way for a smooth transition from today's DNS to a Namecoin-based DNS like DNSNMC.

New namespaces will be created for each of today's TLDs, and only the owners of those domains (in the deprecated, old DNS system) can register them. For example, only the owners of apple.com can register com/apple, etc. Proof of ownership is done by special NMC DNS records that contain the owner's cryptographic signature/fingerprint. When Namecoin clients receive a notification that someone wants to register a domain in the com namespace, they check the JSON request to verify that it was signed by the same signature that appears in the old DNS records. If they match, the registration request is accepted and added to their local blockchain. If it does not match, the request is discarded. Similarly, the namecoin client itself will perform this check locally before sending out the request to other peers (to provide instant feedback to users attempting to register something that doesn't belong to them).

Thoughts?
This would break the censorship-resistance and security guarantees of Namecoin since the "owner" of ICANN domains can be maliciously altered. And how is this proof of ownership supposed to work after it's in the blockchain? Let's say I mine a block myself, and include a fraudulent .com domain. Will other clients reject the block? If clients reject blocks that don't match their view, how do they know that the block was incorrect when it was mined? Maybe a domain just changed ownership.

There are other proposals to deal with squatters that don't rely on ICANN domains.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

sugarpuff
Posts: 110
Joined: Tue Oct 22, 2013 10:17 pm

Re: Transitioning the web to Namecoin by addressing squatter

Post by sugarpuff » Sun Dec 22, 2013 5:39 am

biolizard89 wrote:This would break the censorship-resistance and security guarantees of Namecoin since the "owner" of ICANN domains can be maliciously altered. And how is this proof of ownership supposed to work after it's in the blockchain? Let's say I mine a block myself, and include a fraudulent .com domain. Will other clients reject the block? If clients reject blocks that don't match their view, how do they know that the block was incorrect when it was mined? Maybe a domain just changed ownership.
Yes they'll reject it. Domains that are "stable" (not at a point of transition, either due to ownership change, or expiry) will be accepted if the DNS checks out.
There are other proposals to deal with squatters that don't rely on ICANN domains.
Oh, please link to them in that case! I'd love to see them. I am by no means attached to the current proposal, if there are better ones that can assuage the concerns of today's domain owners, and do it in a way that avoids all potential edge-cases, by all means, please share! :)

biolizard89
Posts: 1999
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Transitioning the web to Namecoin by addressing squatter

Post by biolizard89 » Sun Dec 22, 2013 6:01 am

sugarpuff wrote:
biolizard89 wrote:This would break the censorship-resistance and security guarantees of Namecoin since the "owner" of ICANN domains can be maliciously altered. And how is this proof of ownership supposed to work after it's in the blockchain? Let's say I mine a block myself, and include a fraudulent .com domain. Will other clients reject the block? If clients reject blocks that don't match their view, how do they know that the block was incorrect when it was mined? Maybe a domain just changed ownership.
Yes they'll reject it. Domains that are "stable" (not at a point of transition, either due to ownership change, or expiry) will be accepted if the DNS checks out.
There are other proposals to deal with squatters that don't rely on ICANN domains.
Oh, please link to them in that case! I'd love to see them. I am by no means attached to the current proposal, if there are better ones that can assuage the concerns of today's domain owners, and do it in a way that avoids all potential edge-cases, by all means, please share! :)
virtual_master proposed an auction-based system with a maximum fee: https://dot-bit.bit/forum/viewtopic.php ... 9982#p6653

A few notes on this that weren't addressed in his post (read his post before you read the following):

(1) I think if his proposal were implemented, all domains currently owned should go up for auction at a prechosen block height, with the "initial owner" being the person who owned it at the previous block. This means that everyone who owns a high-value name now can keep their name if they're willing to pay e.g. 200NMC for it, which will rate limit squatters into extinction but will be fine for people with 1-2 high-value names.

(2) This interoperates fine with Greg Maxwell's proposal to hash/encrypt names, because it's trivial to do a dictionary attack on registered names but not a brute-force attack. So if someone registers a high-value name that's already in the dictionary (e.g. a trademark database), it can be contested, but if I register a high-value name that no one else has thought of, no one will contest it, which is good, since it's rightfully mine.

(3) The choice of maximum fee should be able to float with the exchange rate based on supply/demand; I proposed a median consensus mechanism to do this. Each miner embeds some text in their block which states their choice of max name fee; the effective price is the median of e.g. the 2048 previous blocks. This allows the number to be adjusted without a hardfork (including by default settings changes in namecoind if the miners don't object), but a single malicious user can't give himself a cheap name by mining a couple of blocks himself. (Maliciously changing the max name fee would require 51% of mining power, in which case all security bets are off anyway.)

EDIT:

Regarding your first point, the issue is that blocks are checked for validity regardless of age. So how would you be able to verify blocks containing an expired .com domain?
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5
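
The median rule from point (3) above, as an added example that is not part of the thread or of namecoind: it computes the fee in force from the votes in the preceding window and finds how many blocks in that window one party must have mined before the value moves. The integer base unit, the use of the lower median for an even window, and all function names are assumptions made for the sketch.

```python
from statistics import median_low

WINDOW = 2048        # "e.g. the 2048 previous blocks" from the post
UNITS = 10**8        # assumed integer base units per NMC, so no float rounding differs between nodes


def effective_max_fee(votes, height, window=WINDOW):
    """Max name fee in force for the block at `height`.

    `votes[i]` is the max-fee vote embedded in block i. Only blocks strictly
    before `height` count, so a miner cannot set the fee for its own block.
    median_low always returns a value that some miner actually voted for.
    """
    start = max(0, height - window)
    recent = votes[start:height]
    if not recent:
        raise ValueError("no previous blocks to take a median over")
    return median_low(recent)


def chain_with_attacker(honest_vote, attacker_vote, attacker_blocks, length=WINDOW):
    """Constructed sample chain in which the last `attacker_blocks` blocks carry the attacker's vote."""
    honest = [honest_vote] * (length - attacker_blocks)
    return honest + [attacker_vote] * attacker_blocks


def blocks_needed_to_move_fee(honest_vote, attacker_vote, window=WINDOW):
    """Smallest number of attacker-mined blocks in one full window that changes the median."""
    for k in range(window + 1):
        votes = chain_with_attacker(honest_vote, attacker_vote, k, window)
        if effective_max_fee(votes, len(votes), window) != honest_vote:
            return k
    return None


if __name__ == "__main__":
    honest = 200 * UNITS                      # the 200 NMC figure used in the thread
    couple = chain_with_attacker(honest, 0, 2)
    print("fee after 2 attacker blocks:", effective_max_fee(couple, len(couple)) // UNITS, "NMC")
    print("blocks needed to lower it:", blocks_needed_to_move_fee(honest, 0))
    print("blocks needed to raise it:", blocks_needed_to_move_fee(honest, 10**6 * UNITS))
```

With a 2048-block window the vote only moves once about half of the window carries the attacker's value, which is the majority-hashpower condition the post refers to.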

gigabytecoin
Posts: 67
Joined: Tue May 10, 2011 12:49 am
os: linux
Location: Behind 50 Proxies

Re: Transitioning the web to Namecoin by addressing squatter

Post by gigabytecoin » Sun Dec 22, 2013 7:04 am

biolizard89 wrote: This would break the censorship-resistance and security guarantees of Namecoin since the "owner" of ICANN domains can be maliciously altered. And how is this proof of ownership supposed to work after it's in the blockchain? Let's say I mine a block myself, and include a fraudulent .com domain. Will other clients reject the block? If clients reject blocks that don't match their view, how do they know that the block was incorrect when it was mined? Maybe a domain just changed ownership.

There are other proposals to deal with squatters that don't rely on ICANN domains.
re: the "owner" of ICANN domains can be maliciously altered.

How is that exactly? I have owned thousands of ICANN registered domains over the years and have never, ever, had a domain name "maliciously taken" from me.

Has google.com ever been in the ownership of somebody other than Google, INC? How about apple.com?

If you're worried that ICANN may decide to do so themselves and go rogue then place some kind of "ICANNs-GONE-CRAZY" kill switch in namecoind that allows the developers to stop the practice as soon as ICANN decides to mess with namecoin.

Ben
Posts: 65
Joined: Fri Dec 20, 2013 2:22 pm
os: linux

Re: Transitioning the web to Namecoin by addressing squatter

Post by Ben » Sun Dec 22, 2013 9:26 am

The ICANN domain namespace is packed with squatters, do they then get a free ride to Namecoin? If you're going to do it like that why not look at an actual TM database and figure it out that way?
N9kVqK8zrgtHvD6kD4yk3UgM2dkP2NykDr

biolizard89
Posts: 1999
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Transitioning the web to Namecoin by addressing squatter

Post by biolizard89 » Sun Dec 22, 2013 1:17 pm

gigabytecoin wrote:
biolizard89 wrote: This would break the censorship-resistance and security guarantees of Namecoin since the "owner" of ICANN domains can be maliciously altered. And how is this proof of ownership supposed to work after it's in the blockchain? Let's say I mine a block myself, and include a fraudulent .com domain. Will other clients reject the block? If clients reject blocks that don't match their view, how do they know that the block was incorrect when it was mined? Maybe a domain just changed ownership.

There are other proposals to deal with squatters that don't rely on ICANN domains.
re: the "owner" of ICANN domains can be maliciously altered.

How is that exactly? I have owned thousands of ICANN registered domains over the years and have never, ever, had a domain name "maliciously taken" from me.

Has google.com ever been in the ownership of somebody other than Google, INC? How about apple.com?

If you're worried that ICANN may decide to do so themselves and go rogue then place some kind of "ICANNs-GONE-CRAZY" kill switch in namecoind that allows the developers to stop the practice as soon as ICANN decides to mess with namecoin.
Two points here:

(1) You apparently are unaware of WikiLeaks, Pirate Bay, and the large number of other websites that have had domains seized.

(2) The proposal would break blockchain validation even if a single domain is hijacked on a single network. I.e. if 500 miners have a single (different) DNS entry censored on their network, then they generate 500 blockchain forks. Relying on nondeterministic off-chain data is simply not workable for blockchain validation. This isn't just about certain domains being censored. This proposal would break the entire blockchain if any domain is censored from the point of view of any miner.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5
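
The fork argument in point (2) above, and the earlier question about re-validating old blocks, as an added example that is not part of the thread and not Namecoin code. It models the proposed rule (a com/ registration is valid only if it matches the DNS record the validator sees) over constructed data; the domain names, fingerprints and function names are all made up for the illustration.

```python
import hashlib


def fingerprint(key_owner):
    """Stand-in for a key fingerprint published in a DNS record (constructed value)."""
    return hashlib.sha256(key_owner.encode()).hexdigest()[:16]


def block_valid(block, dns_view):
    """The proposed rule: every registration must match what DNS shows this validator."""
    return all(dns_view.get(tx["domain"]) == tx["fpr"] for tx in block)


def accepted_height(chain, dns_view):
    """Number of blocks a node accepts before it meets one it considers invalid."""
    height = 0
    for block in chain:
        if not block_valid(block, dns_view):
            break
        height += 1
    return height


def distinct_tips(chain, views):
    """How many different chain tips a set of nodes ends up on."""
    return len({accepted_height(chain, view) for view in views})


# Constructed data: 500 domains, one registration per block, all correct
# according to the uncensored DNS.
DOMAINS = [f"site{i}.com" for i in range(500)]
TRUE_DNS = {d: fingerprint("owner-of-" + d) for d in DOMAINS}
CHAIN = [[{"domain": d, "fpr": TRUE_DNS[d]}] for d in DOMAINS]


def censored_view(domain):
    """DNS as seen from a network where exactly one record has been replaced."""
    view = dict(TRUE_DNS)
    view[domain] = fingerprint("seized")
    return view


def demo():
    # 500 miners, each with a single (different) altered entry.
    views = [censored_view(d) for d in DOMAINS]
    forks = distinct_tips(CHAIN, views)
    # A node that sees unaltered DNS accepts the whole chain.
    clean = accepted_height(CHAIN, TRUE_DNS)
    # A node syncing from genesis after site0.com changed hands re-checks
    # the old block against today's DNS and rejects it.
    later_dns = dict(TRUE_DNS)
    later_dns["site0.com"] = fingerprint("new-owner")
    fresh_sync = accepted_height(CHAIN, later_dns)
    return forks, clean, fresh_sync


if __name__ == "__main__":
    print(demo())
```

Every node applies the same code to the same blocks, yet the result depends on an input that is not in the chain, so the nodes cannot converge on one history.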

virtual_master
Posts: 541
Joined: Mon May 20, 2013 12:03 pm

Re: Transitioning the web to Namecoin by addressing squatter

Post by virtual_master » Sun Dec 22, 2013 3:35 pm

Ben wrote:The ICANN domain namespace is packed with squatters, do they then get a free ride to Namecoin? If you're going to do it like that why not look at an actual TM database and figure it out that way?
As you observed correctly, ICANN is a centralized system and was still not able to solve this problem. How should they resolve this problem? Blocking reservation of the most important names like Google and Microsoft wouldn't resolve very much because many people reserve M1crosoft or Gogle or G00gle or Go-ogle, and most names wouldn't be covered at all but they would have increased costs.
In a decentralized system it is even more difficult to make a good solution.
Namecoin's most important properties are decentralization (with censorship resistance) and privacy.
Keeping these valorous properties, it is not easy to find an ideal solution (especially for all parties), especially for domain name reserving.
Namecoin is in continuous development and this year much more has been done here than in any other alt-coin.
At the beginning it was criticized that the fees are too high so they were reduced. After that it was criticized that they are too low and squatters reserved many names.
Now the developers are working on the client rebase because this was considered as the most urgent. The fee restructuring will be implemented after the rebase is done.

Another issue is that we must regard the question in a balanced way. You shouldn't imagine those who reserved hundreds of good names as evil persons. Some people have hundreds of ideas, and why shouldn't they have a domain for every idea? Especially if they had those ideas before the others had.
And there is no technique in the world which can say if somebody reserved 100 names for himself or with the intention to sell them or to make something good/bad with them, especially no decentralized one.
biolizard89 wrote: virtual_master proposed an auction-based system with a maximum fee: https://dot-bit.bit/forum/viewtopic.php ... 9982#p6653

A few notes on this that weren't addressed in his post (read his post before you read the following):

(1) I think if his proposal were implemented, all domains currently owned should go up for auction at a prechosen block height, with the "initial owner" being the person who owned it at the previous block. This means that everyone who owns a high-value name now can keep their name if they're willing to pay e.g. 200NMC for it, which will rate limit squatters into extinction but will be fine for people with 1-2 high-value names.

(2) This interoperates fine with Greg Maxwell's proposal to hash/encrypt names, because it's trivial to do a dictionary attack on registered names but not a brute-force attack. So if someone registers a high-value name that's already in the dictionary (e.g. a trademark database), it can be contested, but if I register a high-value name that no one else has thought of, no one will contest it, which is good, since it's rightfully mine.

(3) The choice of maximum fee should be able to float with the exchange rate based on supply/demand; I proposed a median consensus mechanism to do this. Each miner embeds some text in their block which states their choice of max name fee; the effective price is the median of e.g. the 2048 previous blocks. This allows the number to be adjusted without a hardfork (including by default settings changes in namecoind if the miners don't object), but a single malicious user can't give himself a cheap name by mining a couple of blocks himself. (Maliciously changing the max name fee would require 51% of mining power, in which case all security bets are off anyway.)

EDIT:

Regarding your first point, the issue is that blocks are checked for validity regardless of age. So how would you be able to verify blocks containing an expired .com domain?
Yes. Thanks for pointing out these solutions.
As Biolizard already wrote, we think that we found an optimal solution which is even more balanced and righteous than ICANN is from every point of view. We should have the best solution to preserve the interests of the users, miners, legitimate name owners and the interests of the Namecoin network.
I would add the proposed solution to balance the ownership of the already reserved names with a domain name contesting system which should simulate a process which is in the real society with ICANN domains.
If a domain name is reserved by somebody who is not the owner of that registered brand name, then a lawyer is paid to sue the actual owner and the legal system is eating tens or millions of dollars until they resolve the dispute.
With Namecoin it will sometimes not be possible to know the owner of the registered name, but we should find a good solution for this problem. So with implementing the domain contest this dispute would be resolved inside of the Namecoin economy and the dispute fees would come to the network as a miner fee + network fee combination. The network fee would not be a coin destruction but a coin-blocking.
Anybody could contest a domain (1000 block waiting, for example) as long as the paid registration fee is lower than the maximum fee (200 NMC proposed). So if somebody reserved Google with 0.02 NMC, Google can contest it, for example with 0.04 NMC, and if nobody offers more in 1000 blocks ~ 1 week then it belongs to them. If somebody offers more, then whoever has the max offer will take it.
If the max fee is paid then it cannot be contested any more.
The max. limit would be necessary to protect legitimate name owners who don't have much money.
I would also propose a 2x factor for new bids (by the contesting person) to protect poor people with many good ideas, so that others cannot easily take the domains from them. Original registrants can always defeat the contestation by paying the same amount as the contestant.
If somebody has lost his domain by a contestation, that person should receive back his locked coins after the locking period, but paid miner fees should remain with the miners as it would be difficult to bring them back from the miners.
This is not a perfect solution but would reduce name squatting to a minimum and would also defend legitimate but poor name owners. The miners would also receive their reward for solving this conflict in the blockchain. The coin-locking fees would be necessary to avoid that miners can abuse this system and also to redirect a part of these fees to improve the long term hash-rate of the network. All parties will have the possibility to come to their right and the miners and the network would also profit as an internal economic enhancement.
Of course we can discuss where to put the balance between these interests, and every idea and proposal is welcome.
http://namecoinia.org/
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
