Closed HOGGL closed 2 years ago
I think there's an elegant way to combine this with the TLS problem:
1) a node's hostname is a URL-compatible public key
2) a node's IPv6 address in VPN space is a hash of its public key
3) a node's self-signed TLS certificate has its intermediate certificate signed by its private key
4) when a node handshakes another, they exchange and verify intermediates and verify that IP and hostname match
5) nodes run a DNS service for client devices with CNAME records pointing to their public key hostnames
6) client web browser goes to "peertube.vpn" or whatever.
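The hostname/IP match from step 4 of the comment above, as an added example that is not part of the original comment or the project's code. It assumes SHA-256, a base32 hostname label, 32-byte raw keys and `fd00::/8` as the VPN space (none of these are specified in the thread), and it leaves out the certificate signature check from step 3.

```python
import base64
import hashlib
import ipaddress

# Assumptions, not from the thread: SHA-256 as the hash, lowercase base32 for
# the hostname label, a 32-byte raw key, and fd00::/8 as the "VPN space".
VPN_PREFIX = ipaddress.IPv6Network("fd00::/8")
SUFFIX = ".vpn"
KEY_LEN = 32


def hostname_for(pubkey: bytes) -> str:
    """Encode a raw public key as one DNS label (52 chars for 32 bytes)."""
    label = base64.b32encode(pubkey).decode("ascii").rstrip("=").lower()
    return label + SUFFIX


def pubkey_from_hostname(hostname: str) -> bytes:
    """Recover the key from a hostname; raises ValueError if malformed."""
    name = hostname.lower()  # DNS names are case-insensitive
    if not name.endswith(SUFFIX):
        raise ValueError("not a node hostname")
    label = name[: -len(SUFFIX)].upper()
    key = base64.b32decode(label + "=" * (-len(label) % 8))
    # Reject wrong-length keys and non-canonical encodings of the same key.
    if len(key) != KEY_LEN or hostname_for(key) != name:
        raise ValueError("not a canonical key hostname")
    return key


def address_for(pubkey: bytes) -> ipaddress.IPv6Address:
    """Prefix byte 0xfd followed by the first 120 bits of SHA-256(pubkey)."""
    digest = hashlib.sha256(pubkey).digest()
    return ipaddress.IPv6Address(bytes([0xFD]) + digest[:15])


def verify_peer(hostname: str, peer_ip: str) -> bool:
    """True only if the hostname's key hashes to the address the peer uses."""
    try:
        expected = address_for(pubkey_from_hostname(hostname))
        return ipaddress.IPv6Address(peer_ip) == expected
    except ValueError:  # bad base32, bad suffix, or unparsable address
        return False


# Constructed sample keys (stand-ins for real public keys).
SAMPLE_KEY = hashlib.sha256(b"constructed sample key A").digest()
OTHER_KEY = hashlib.sha256(b"constructed sample key B").digest()
```

A friendly name such as "peertube.vpn" fails this check by design: it only resolves through the CNAME from step 5, and the handshake is verified against the key hostname it points to.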
I think that's an excellent idea. It even removes the need for a name system: when a node's IP changes, as long as one friend node out of several is reachable, the node can broadcast its new IP and the rest is just gossip.
This issue is to brainstorm ideas to solve decentralised name resolution. Since we cannot rely on customer IPs to remain constant, a method of resolving usernames into addresses is required.
The two options available currently (that I'm aware of) and their issues are:
One possible solution is to require the client to sign a DHT update request with an on-device private key. These can be validated by nodes and relayed to neighbouring nodes. Though, this proposed solution is prone to abuse. Even if nodes check that the signer owns <=1 domain(s), attackers can just request domains by signing it with junk. Maybe a POW is required?