
discuss - Re: [opennic-discuss] DNS Hackery

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Alex Maurin <coyo AT darkdna.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] DNS Hackery
  • Date: Tue, 01 Oct 2013 17:24:16 -0500

Easier privacy protection, wiretapping and censorship countermeasures, canceling out weaknesses in DNS that permit ICE seizures, easier carrier-mediated Bittorrent acceleration, carrier-accelerated VPN connections, etc.

The idea is that these standards help give carriers a way to protect their subscribers that doesn't violate the law outright. An ISP's first obligation and responsibility is to his subscribers and clients.


On 9/28/2013 2:19 AM, Psilo wrote:
What for, except just doing things different?


On Friday, 27 September 2013, Alex M (Coyo) wrote:
In

RFC 5080 - Using OpenPGP Keys for Transport Layer Security (TLS) http://www.faqs.org/rfcs/rfc5081.html

RFC 4398 - Storing Certificates in the Domain Name System (DNS) http://www.faqs.org/rfcs/rfc4398.html and

RFC 6698 - The DNS-Based Authentication of Named Entities (DANE) http://www.faqs.org/rfcs/rfc6698.html

It is proposed that alternatives to the X.509 CA PKI be replaced by a more decentralized system based on a Secure DNS.

I was wondering what your thoughts would be on the extrapolation I thought up when I awoke this morning.

What if when you jacked in, DHCP+DNS gave you a whole heck of a lot more than just a bunch of IP addresses?

SRV records would only be the beginning. When you consider the possibility of port sub-port multiplexing (using a single TCP/UDP port for many independent services)

For example, DHCP might assign you a list of BitTorrent trackers and DHT seed nodes (likely long-lived rTorrent seedboxes), or perhaps assign you a list of Tor relays to help bootstrap immediately by querying guard nodes for a directory cache, rather than bootstrapping directly with hard-coded directory authorities.

Another example might be assigning protocols other than IPv4 or IPv6. Although tunneled AppleTalk or IPX/SPX would be possibilities, so would many experimental networks be possible.

Another possibility would be using DHCP to bootstrap to special DNS servers which then finish your bootstrapping process, spinning up VPN tunnels to your favorite points within the Internet.

Another possibility would be using DHCP to bootstrap a thin client into ISP-hosted Intercloud instances, connecting to always-on cloud-hosted desktop operating systems.

DHCP, when combined with DNS, LDAP and Kerberos, might bootstrap into many community VPNs at once, making daily Internet and Intercloud use the norm, rather than the exception.

DHCP+DNS could work together on a lot of things, quickly providing the best user experience possible.

I wonder what kinds of things might be possible, if we extend DHCP, DNS, LDAP, IRC and Kerberos into a cohesive whole?

It's something I've been thinking a lot about.


--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

