User:Elifarley/pds: Difference between revisions

From Open Source Ecology
{{Category=Wireless mesh networking}}
 
'''Peer Domain System''' is a '''decentralized name resolution system which provides strong authentication and prevents name conflicts.'''
 
==Introduction==
 
Basically, PDS keeps domain name data in '''.pdz''' or '''.pdr''' text files, which contain '''signed associations''' of '''domains''' to '''targets''', which can be IPs, CNAMEs (aliases to other names, DNS- or PDS-based)...
 
These files are simple enough that their domain associations can be spread by pasting their content on Twitter, discussion forums, web pages, emails, and so on. Users can simply copy a PDR text line found on a page and paste it into a text file inside the PDS application folder. Or they try to access a domain, and if it is not found among the currently available PDR files, the PDS client will automatically try to fetch it using BitTorrent or a DHT-based map.
 
One of the design goals is to make it easy to share name resolution data.
 
==Design Goals==
* Be [[wikipedia: Zooko's triangle|secure, decentralized and human-meaningful]] to the maximum extent possible
* Be an [[wikipedia: Application Layer| Application Layer]] protocol able to work under IPv4 and IPv6 [[wikipedia: Network Layer| Network Layer]] protocols.
* Prevent name conflicts
* Be hard to take down
* Be easy to use
* Be scalable
* Provide error checking on names
* Integrate with existing Internet infrastructure (DNS, browsers, BitTorrent, Twitter, Dot p2p)
 
==Standard Syntax==
''To test the regexp, see http://regexpal.com/''
 
Full (or ''DRS'') PDS identifier syntax:
'''domain#revision@signer'''
 
DRS = Domain, Revision, Signer
 
That is, domain '''domain''' at revision '''revision''' signed by '''signer'''.
 
This can be put on a browser's address bar. The browser will query the local PDS client (which provides a standard DNS interface for applications, so that any current application can use it) for the target of that domain. See some response examples:
# '''openfarmtech#revision@signer''' has target 68.169.49.115
# '''domain#revision@signer''' has target (or points to) IP 68.169.49.115, 61.210.99.87
# '''domain#revision@signer''' has target (or points to) CNAME other-domain-being-aliased
 
One can also query a partial PDS identifier:
 
DS-type identifier syntax:
'''domain@signer'''
 
This means the user wants the latest association for '''domain''' as reported by signer '''signer'''.
 
DR-type identifier syntax:
'''domain#revision'''
 
This means the user wants the association for '''domain''' at a specific revision number as reported by the trusted signer for that domain. (Yes, users can configure the order of trusted signers for specific domains).
 
Instead of configuring trusted signers for a certain domain, the user can simply store a PDR file inside a folder named ''trusted''. All PDR or PDZ files inside that folder will be blindly trusted (that is, signature checking won't be strict, so that you can use null signatures).
 
D-type identifier syntax:
'''domain'''
 
This type of identifier is similar to the DR-type, but instead of requesting a specific revision, the user wants the latest revision for that domain.
 
===domain===
'''domain''' = '''name:suffix'''
* Domain to be resolved
 
===name===
* regexp: '''/[a-z0-9][a-z0-9-]{2,998}[a-z0-9]/'''
* a ''dash'' must not follow another ''dash''
* Examples:
** openfarmtech
** p2p-foundation
 
===suffix===
* Helps prevent name conflicts; provides error checking.
* Format: '''ABC''' where:
** '''ABC''' must match '''/[a-zA-Z0-9]{3}/'''
** The domain owner can only choose '''A''' and '''B'''
** '''C''' is a checksum calculated over '''name:AB'''
** If '''A''' is a ''letter'', '''B''' must be a ''digit''
** If '''A''' is a ''digit'', '''B''' must be a ''letter''
** Some '''valid''' examples:
*** b4c
*** b4C
*** B4c
*** B4C
*** 4bc
*** 4Bc
*** 4bC
*** 4BC
*** b47
*** B47
*** 4b7
*** 4B7
 
** Some '''invalid''' examples:
*** bc5
*** bcr
*** Bcr
*** 45c
*** 45r
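The identifier grammar above (the D, DR, DS and DRS forms) together with the name and suffix rules can be checked by a small validator. The code below is an added example, not code from the PDS project. It follows the page's name regexp, the no-double-dash rule and the letter/digit alternation for A and B; because the page does not fix the checksum algorithm for C, the SHA-256 based `suffix_checksum` is an assumption, and because the page's own examples use two-character suffixes (AB without C), the parser treats C as optional.

```python
import hashlib
import re

# Rules taken from the page's "name" and "suffix" sections.
NAME_RE = re.compile(r"^[a-z0-9][a-z0-9-]{2,998}[a-z0-9]$")
SUFFIX_RE = re.compile(r"^[a-zA-Z0-9]{2,3}$")   # AB, or ABC with the checksum char
ALPHANUM = "abcdefghijklmnopqrstuvwxyz0123456789"
# Identifier grammar: name[:suffix][#revision][@signer] (the D/DR/DS/DRS forms).
ID_RE = re.compile(
    r"^(?P<name>[^:#@]+)(?::(?P<suffix>[^#@]+))?(?:#(?P<revision>\d+))?(?:@(?P<signer>[^#@]+))?$"
)


def valid_name(name):
    """The page's regexp plus its extra rule that a dash must not follow a dash."""
    return bool(NAME_RE.match(name)) and "--" not in name


def suffix_checksum(name, ab):
    """The checksum character C over 'name:AB'.  The page does not fix the
    algorithm; deriving C from SHA-256 of the lowercased string and mapping it
    onto one alphanumeric is an ASSUMPTION made for this example.  Lowercasing
    matches the page listing both 'b4c' and 'b4C' as valid."""
    raw = hashlib.sha256(f"{name}:{ab}".lower().encode()).digest()
    return ALPHANUM[raw[0] % len(ALPHANUM)]


def suffix_shape_ok(suffix):
    """Structural rules only: 2 or 3 alphanumerics, and exactly one of A, B is a letter."""
    if not SUFFIX_RE.match(suffix):
        return False
    return suffix[0].isalpha() != suffix[1].isalpha()


def valid_suffix(name, suffix, check_checksum=True):
    """Full check: shape, and (for a 3-char suffix) C matching the checksum."""
    if not suffix_shape_ok(suffix):
        return False
    if len(suffix) == 2 or not check_checksum:
        return True
    return suffix[2].lower() == suffix_checksum(name, suffix[:2])


def parse_identifier(text, check_checksum=False):
    """Split a PDS identifier into its parts and classify it as D, DR, DS or DRS.
    Raises ValueError for anything that breaks the name or suffix rules."""
    m = ID_RE.match(text)
    if not m:
        raise ValueError(f"malformed identifier: {text!r}")
    parts = m.groupdict()
    if not valid_name(parts["name"]):
        raise ValueError(f"bad name: {parts['name']!r}")
    if parts["suffix"] is not None and not valid_suffix(parts["name"], parts["suffix"], check_checksum):
        raise ValueError(f"bad suffix: {parts['suffix']!r}")
    parts["revision"] = int(parts["revision"]) if parts["revision"] is not None else None
    parts["kind"] = "D" + ("R" if parts["revision"] is not None else "") + ("S" if parts["signer"] else "")
    return parts


if __name__ == "__main__":
    print(parse_identifier("openfarmtech:4h#5@elifarley"))
```

Rejecting a malformed identifier before any lookup happens is what makes the suffix useful as error checking: a typo in the name or suffix fails locally instead of resolving to whatever record happens to match.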
 
===revision===
Like an SVN revision number. Every time the domain owner chooses to update his domain (that is, choose another target for the
 
===signer===
Identifies the public key that should be used to check the signature
 
==Keys==
* DHT key 1: (name, suffix)
* DHT key 2: (name, suffix, signer)
* DHT key 3: (name, suffix, signer, revision)
 
Questions:
* <span style="color: red">'''signer'''</span>: How to get the signer's public key?
 
Examples:
* 3 levels (name:suffix#revision@signer)
** openfarmtech:4h#5@elifarley
* 2 levels (name:suffix):
** openfarmtech#4H
* 1 level (name):
** openfarmtech
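How the three DHT keys serve the four identifier types can be shown with an in-memory store. This is an added example, not PDS project code: the records, the signer names other than elifarley and the trusted-signer configuration are constructed for the demo. A DRS query hits key 3 directly, a DS query takes the signer's latest revision under key 2, and DR and D queries walk the user's trusted-signer order for the domain (key 1), which is the behaviour the DR-type section describes.

```python
# Constructed sample store keyed by the page's DHT key 3 tuple
# (name, suffix, signer, revision) -> target.  All entries are made up for this example.
RECORDS = {
    ("openfarmtech", "h2", "elifarley", 4): "68.169.49.115",
    ("openfarmtech", "h2", "elifarley", 5): "openfarmtech.org",
    ("openfarmtech", "h2", "otheruser", 9): "203.0.113.7",
}
# Constructed trust configuration: ordered trusted signers per domain (the key 1 tuple).
TRUSTED = {("openfarmtech", "h2"): ["elifarley"]}


def lookup(store, name, suffix, signer=None, revision=None):
    """Return the (key3 -> target) entries matching the narrowest key available:
    key 1 (name, suffix), key 2 (+ signer) or key 3 (+ revision)."""
    hits = {}
    for key, target in store.items():
        if key[:2] != (name, suffix):
            continue
        if signer is not None and key[2] != signer:
            continue
        if revision is not None and key[3] != revision:
            continue
        hits[key] = target
    return hits


def resolve(store, trusted, name, suffix, revision=None, signer=None):
    """DRS: the exact record.  DS: the signer's latest revision.  DR and D: walk the
    domain's trusted-signer order and use the first signer with a matching record.
    Returns None, rather than falling back to an arbitrary signer, when nobody the
    user trusts has vouched for the domain."""
    if signer is not None:
        hits = lookup(store, name, suffix, signer, revision)
        if not hits:
            return None
        newest = max(hits, key=lambda k: k[3])
        return {"signer": signer, "revision": newest[3], "target": hits[newest]}
    for candidate in trusted.get((name, suffix), []):
        found = resolve(store, trusted, name, suffix, revision, candidate)
        if found is not None:
            return found
    return None


if __name__ == "__main__":
    print(resolve(RECORDS, TRUSTED, "openfarmtech", "h2"))
```

The refusal at the end is the point to keep: with several signers publishing records for the same domain, a D or DR query must never pick a signer the user has not configured, or any node in the DHT could answer for any domain.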
 
===Questions===
Should ''revision'' be a serial number or a date?
 
==DNS-style syntax==
'''name.p2p'''
 
Examples:
* openfarmtech.p2p
 
==Image Syntax==
Encode PDR using [[wikipedia: QR code| QR code]] / [[wikipedia: SPARQCode| SPARQCode]] (a 2D barcode).
 
'''TODO''' Experiment with various 2D barcodes at the [http://barcode.tec-it.com/barcode-generator.aspx?LANG=en Online Barcode Generator]
 
==Date format==
See [[wikipedia: Base32]]
Let's use z-base-32: [http://philzimmermann.com/docs/human-oriented-base-32-encoding.txt human-oriented base-32 encoding]
 
YYYDDDSSS
YYY = 3 chars for year offset from 2000
DDD from 0 to 365
SSS from 0 to
 
==Implementation Ideas==
 
* Create a DNS server in Python.
** See if http://www.dnspython.org/ can help.
** Looks like this question on [http://stackoverflow.com/questions/4399512/python-dns-server-with-custom-backend Python DNS Server] will help.
** [http://wiki.powerdns.com/trac PowerDNS ] using a python app as a [http://doc.powerdns.com/backends-detail.html#PIPEBACKEND Pipe backend]
** Search [http://www.google.com.br/search?q=dns+server+python Google]
* Use a bit torrent library to download PDZ and PDR files
** See http://entangled.sourceforge.net/
** Search [http://pypi.python.org/pypi?%3aaction=search&term=torrent&submit=search Python Package Index]
* PDS client home folder:
** pdz folder
** pdr folder
* The PDS client searches for peer domain data in the pdz and pdr folders. If no file matching the name being looked up is found, the PDS client initiates multiple searches (on BitTorrent, Kademlia, Twitter, Google, etc.) and creates a pdz file for each result found.
 
==Use Cases==
 
===single record===
PDR - Peer domain record - can be pasted on Twitter, discussion forums, web pages, emails and so on
<code>
  #pdr name:suffix#revision record-type value expiry-date signer digest
</code>
* #pdr magic string
* record-type can be a, aaaa, cname
* value can be an ip, standard dns name, other PDS name
examples:
<code>
  #pdr openfarmtech:h2#5 c openfarmtech.org - elifarley 2afqgwk6
  #pdr openfarmtech:h2#5 c openfarmtech.org - - t9fqj6kf
</code>

* expiry is optional
* signer is optional
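The record format above, the optional expiry and signer fields, and the trusted-folder rule from the Standard Syntax section (records in ''trusted'' may carry a null signature, everywhere else signature checking is strict) can be turned into a small acceptance check. This is an added example, not PDS project code. The page does not define the digest or signature algorithm, so the scheme here is an assumption: eight z-base-32 characters of SHA-256 over the record body, keyed with HMAC when a signer is named, and the keyring is constructed stand-in key material rather than real public keys.

```python
import hashlib
import hmac

MAGIC = "#pdr"
# Field order from the page: #pdr name:suffix#revision record-type value expiry-date signer digest
FIELDS = ("domain", "rtype", "value", "expiry", "signer", "digest")
# z-base-32 alphabet (the encoding the page picks in its "Date format" section).
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
# Constructed keyring: signer name -> key material.  Stands in for "the public key
# identified by signer"; a real client would hold public keys and verify signatures.
KEYRING = {"elifarley": b"constructed-demo-key-for-elifarley"}


def parse_pdr(line):
    """Split one PDR line into its fields; '-' marks an absent expiry or signer."""
    parts = line.split()
    if len(parts) != 1 + len(FIELDS) or parts[0] != MAGIC:
        raise ValueError(f"not a PDR line: {line!r}")
    rec = dict(zip(FIELDS, parts[1:]))
    for optional in ("expiry", "signer"):
        if rec[optional] == "-":
            rec[optional] = None
    return rec


def digest_of(rec, key=None):
    """ASSUMED digest scheme (the page does not define one): the first 8 z-base-32
    characters of SHA-256 over the record body, or of HMAC-SHA256 under the signer's
    key when the record names a signer.  HMAC is a stand-in for the signature step."""
    body = " ".join(rec[f] or "-" for f in FIELDS[:-1]).encode()
    raw = hmac.new(key, body, hashlib.sha256).digest() if key else hashlib.sha256(body).digest()
    return "".join(ZB32[b % 32] for b in raw[:8])


def make_pdr(domain, rtype, value, expiry=None, signer=None):
    """Build a PDR line with a matching digest (constructed data, for the demo)."""
    rec = {"domain": domain, "rtype": rtype, "value": value, "expiry": expiry, "signer": signer}
    rec["digest"] = digest_of(rec, KEYRING.get(signer))
    return " ".join([MAGIC] + [rec[f] or "-" for f in FIELDS])


def accept(line, folder):
    """Acceptance policy from the page: outside the 'trusted' folder a record must
    carry a signer whose key we hold; inside it, checking is not strict and a null
    signer is allowed.  The digest is recomputed in every case, so a line edited
    after it was produced is refused wherever it was found."""
    rec = parse_pdr(line)
    key = None
    if rec["signer"] is not None:
        key = KEYRING.get(rec["signer"])
        if key is None:
            return False, "unknown signer"
    elif folder != "trusted":
        return False, "unsigned record outside the trusted folder"
    if not hmac.compare_digest(digest_of(rec, key), rec["digest"]):
        return False, "digest mismatch"
    return True, rec


if __name__ == "__main__":
    print(accept(make_pdr("openfarmtech:h2#5", "c", "openfarmtech.org", signer="elifarley"), "pdr"))
```

The unsigned digest in the ''trusted'' folder only detects accidental corruption; anyone who can write to that folder can rewrite the record and its digest together, so the folder itself is the trust boundary and should be protected like a configuration file.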
===pdz file===
A .pdz file has all records of a given domain. A PDS client retrieves the file using a DHT like Kademlia, BitTorrent or other P2P apps. Users can also save such files in a specific folder called pdz, which should be shared with everyone.

<code>
name:suffix@signer.pdz
</code>

[[category:software]]
==See Also==
* [[wikipedia: Zooko's triangle]]
* [http://zooko.com/distnames.html Names: Decentralized, Secure, Human-Meaningful: Choose Two]
* [http://www.waterken.com/dev/YURL/Analogy/ YURL: Naming vs. Pointing]
* [[wikipedia: Mnet (Computer program)]]
* Evil Geniuses Transport Protocol - [http://mnet.sourceforge.net/EGTP.html EGTP]
* [[wikipedia: ZRTP]]
* [[wikipedia: Kademlia]]
* [http://dot-p2p.org/index.php?title=Main_Page Dot p2p]

Latest revision as of 01:48, 31 March 2011