more on Beyond the DNS

[David Farber <dave () farber net>]

Begin forwarded message:

From: Tobin Maginnis <ptm () pix cs olemiss edu>
Date: October 1, 2005 10:25:56 PM EDT
To: dave () farber net
Subject: Re: [IP] Beyond the DNS


Hi Dave,       [For IP if you wish...]

I have enjoyed the fascinating discussion on DNS, but there seems to  
be several small points that were either implied or assumed which I  
think could be developed more fully.

One point is the nature of DNS as a parallel entity to networking. In  
a way, it's similar to how the lymphatic system relates to the  
circulatory system. The lymphatic system helps identify infectious  
agents, but it's the circulatory system that does the real work in  
fighting pathology.

As indicated in an earlier discussion, Domain Name Service (DNS) is  
implemented with nothing more than a series of hierarchical files  
that lead to a name (URL prefix) and IP address pair. The actual data  
transfer in the Internet (including DNS lookup) is carried out  
through TCP/DGP and IP exchanges.

A second point is that internet access is really a search problem as  
opposed to a name identification problem. Said another way, Google  
would probably be just as effective search engine as it is today if  
it simply searched the IP address space (without using URLs) on port  
80 and noted all the resulting web page information.

My third point is that URLs are really a form of advertisement where  
the domain name register wants you to think of the browser URL field  
as a top-of-mind search term. So, instead of searching for brain  
surgery, simply type brain-surgery.com into your browser. (You  
guessed it, the top listed Google search result for brain surgery is,  
in fact, brain-surgery.com.)

Not speaking for the general internet population, I will say that I  
NEVER use top-of-mind search terms as experimental URLs. The reason,  
of course, is that this trial and error method relies upon on  
trustworthy advertisers, and I prefer to rely upon the track record  
of a trusted search engine that provides a context for my search terms.

So call me naive, but I think the worry about the number of root  
servers is a little silly since: a) it is in the best interests of an  
advertiser to want a traditional TLD name in a unified name space and  
b) regardless of the URL, it's the context of your search terms that  
dictate weather or not you will visit a given URL. So rather put a  
lot energy into a fully accurate (meaningful) and reliable URL  
mechanism, I would argue that we should put that effort into more  
usable and powerful search engines.

Thanks,
Tobin Maginnis

David Farber wrote:

> Begin forwarded message:
> From: Bob Frankston <Bob2-19-0501 () bobf frankston com>
> Date: October 1, 2005 12:58:15 PM EDT
> To: dave () farber net, 'Ip Ip' <ip () v2 listbox com>
> Cc: "'Strata R. Chalup'" <strata () virtual net>, 'John R Levine'   
> <johnl () iecc com>, "'David P. Reed'" <dpreed () reed com>
> Subject: Beyond the DNS
> I've been meaning to catch up on writing about these ideas but it's
> difficult to do it as a full essay -- it's easier to do so in   
> response to
> some email in a venue that (I hope) is tolerant of typos. In fact, one
> recent post I did the class omission of a "not" - I thought it was   
> obvious
> enough so didn't send a correction -- those of you who were puzzled  
> were
> right in being puzzled.
> I want respond to the latest round of DNS discussions based on the
> Neustar/Cellular attempt to confuse the DNS issues even more. I'll   
> attempt
> to summarize my current thoughts and the hard problems that need to be
> solved or, far better, finessed by restating the problem/solution  
> space.
> I'm giving only a brief overview but I realize it may be difficult   
> for many
> of the readers to feel comfortable with the approach I take anymore  
> than
> Bellheads can accept the cacophony of the Internet being a  
> transport for
> high quality sound. At least there's a simple physical model of  
> packets
> traveling around - even when it's wrong. I remember when I realized  
> that
> token and Ethernets don't really have packets on the wire -- the  
> network
> wire is typically not long enough to hold even a single bit once  
> you  work
> out the math.
> The approach I'm taking replaces the hierarchical world of wires and
> routers with a world based on capability algebras and topologies.  
> But  it's
> not that alien -- we can recognize some of the properties in  
> today's  net.
> To the extent that we define relationships in terms of pairs of IP
> addresses, the relationships are independent of the path or wire or  
> even
> when there is a wire. This has interesting implications for public   
> policy
> -- especially the FCC (and its counter-parts around the world)  
> whose  whole
> existence is premised on the idea that the path not only matters  
> but is
> worth trillions of dollars. The path no longer matters and those   
> trillions
> of dollar might as well be Monopoly money rather than monopoly money.
> The problem of decentralizing the Internet is an interesting one  
> that  I've
> been thinking about for a long time (with David Reed and others  
> being  very
> helpful). Just as the Internet is not a fancy version of the phone   
> system,
> the replacement for the DNS is not a replacement for the DNS. Nor  
> is the
> next iteration a fixed Internet.
> There isn't a single monolithic P2P community but we can see   
> examples. IM
> systems typically have their own namespaces independent of the DNS.
> Thinking a little further it's useful to note that the DNS "solves"  
> two
> problems -- one very poorly and the other only as an illusion.
> The first "solution" is providing stable handles in lieu of the IP   
> address
> which is not stable because it has to serve the roles of both  
> handle  (name)
> and path. But the DNS entries are leased and reused so aren't really
> stable. But they are stable in the wrong way -- they are difficult to
> change and overstay their welcome. This is why John Levine posited   
> that the
> CellCos may want their own mechanism for mobility -- I disagree,  
> but  I can
> understand the problems with using the DNS and its very long TTLs  
> --  over a
> second!
> The other problem is mapping intent to entry -- the names used as   
> keys are
> dangerously misleading but 'nuf said on that.
> We don't need all this stuff. You can coin your own stable handle   
> using a
> GUID (Globally Unique ID) which is self-generated. It's fundamental  
> to a
> lot of software and systems. A crypto-GUID is even better -- it's
> unguessable.
> The routing is not a layer but an optional service if two end  
> points  want
> to exchange packets. These end points are not computers but  
> abstractions
> such as a conversation. Since naming is independent of path it is
> intrinsically mobile. Maintaining the relationships is a matter of   
> finding
> new path and that's an engineering problem that has many solutions. In
> fact, I claim it's easier than today's approach which requires the net
> track all the LANs while depriving of the ability to dynamically   
> update the
> path identifiers to facilitate routing.
> Note that in this scheme the net is no longer a LAN of LANs --   
> routing is
> not a layer and the model is not hierarchical.
> The other problem is finding end points and the big change is that   
> you are
> found only if you list yourself where you want to be found and in   
> doing so
> you choose who is allowed to find you.
> There are lots of interesting implications beyond simply obviating   
> the DNS
> and ICANN authority that derives from the DNS and beyond making the
> relegating the IP address to the status of a temporary circuit   
> identifier.
> One is that the end point identifier itself becomes a resource  
> that  can be
> used as a capability. It's also a flat name space -- no @. You can't
> enumerate the end points but you can create algebras and topologies in
> interesting ways for access control. Access control being  
> intrinsically
> ambiguous -- it can mean you don't have a path or that you don't have
> authority and you can't necessarily distinguish between the two.  
> It's  just
> a hint of how to think about this model.
> It's a model that is happening anyway in limited forms in the P2P   
> world. It
> is as different from today's Internet as the Internet is from the  
> phone
> network yet is far more in keeping with the End-to-End argument.   
> Encryption
> is also fundamental so you don't worry about bits getting to the   
> wrong end
> points and you don't have to trust any particular path so all paths  
> are
> "safe" even if they aren't all effective.
> Global (not just local) meshing just happens. Since relationships are
> defined independent of the path or particular wire -- or whether   
> there is a
> wire.
> It's wonderful except ... how do you know which bits really mean   
> what. You
> may assume that WIPO will give you an authoritative mapping of a  
> name  like
> "Cadillac Dog Food" into the bits associated with that trademark in  
> the
> appropriate context. It's hard to know that a given set of bits   
> represent
> Joe Smith. To the extent the bits are capabilities they are also "true
> names" that can allow me to present myself authoritatively. Dealing  
> with
> this requires some crypto concepts and dealing with exposures.
> We also have to presume failures and want to be able to handle   
> devices like
> switches embedded deeply within physical structures. We don't even   
> have an
> effective definition of failure but that's a longer deeper discussion.
> In today's Internet we think we understand the answer and we also   
> treat the
> DNS as authoritative. Nice simplifying assumptions and it allows  
> us  to get
> a lot done. The same simplifying assumptions that allow us to go  
> surfing
> and make it easy to go phishing - and you can't easily facilitate  
> one  and
> prevent the other ...
> -------------------------------------
> You are subscribed as ptm () pix cs olemiss edu
> To manage your subscription, go to
>  http://v2.listbox.com/member/?listname=ip
> Archives at: http://www.interesting-people.org/archives/interesting- 
> people/



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/