Blockchain-based web of trust to replace X.509?

[mmeijeri]

In light of the recent revelations about the massive warrantless surveillance by the NSA, some people have speculated that the NSA may have direct access to the private keys of some root certificate authorities. If that is true, then they can perform a man-in-the-middle attack against everyone. Would a blockchain structure help provide a distributed alternative that cannot easily be compromised by the NSA?

[1715241580]

1715241580

[1715241580]

1715241580

[1715241580]

1715241580

[oleganza]

Absolutely. You can timestamp your own name or identifier in the blockchain. Then, anyone can see who owns that place and trust only the associated public key. Blockchain would be a "central certificate authority" in that matter, with every user being a registrar themselves.

I even have some ideas how to solve cybersquatting issue if we are to build a name system to build alternative to DNS, trademark registries etc.

[jgarzik]

Search around this forum and the bitcoin wiki for trusted / anonymous passports, fidelity bonds, SINs, ...

[domob]

I even have some ideas how to solve cybersquatting issue if we are to build a name system to build alternative to DNS, trademark registries etc.

Are you talking about Namecoin?  Of course, there it is "first come, first serve" with registering names, so maybe the problem you want to solve is there still.  But what about applying your ideas to Namecoin (and discussing with the community whether they like them or not)?

[oleganza]

I even have some ideas how to solve cybersquatting issue if we are to build a name system to build alternative to DNS, trademark registries etc.

Are you talking about Namecoin?  Of course, there it is "first come, first serve" with registering names, so maybe the problem you want to solve is there still.  But what about applying your ideas to Namecoin (and discussing with the community whether they like them or not)?

No, namecoin takes wrong approach (imho). First problem: it started with its own blockchain (however they realised they'll never convince ppl to mine as hard as BTC, so they essentially thrown it away via merged mining). Economically, only one blockchain will ever be considerably big, while all others — realm of the hobbyists. Second problem: they propose new registry for names when many people already got some names used, but do not address cybersquatting in any way. If anyone suggests a more "fair" scheme, it might be more viable.

My suggestion for a name system:

0. Think of it as a global name system, not only "domain name" system. For usernames, website names, trademarks, anything.

1. Use bitcoin blockchain for timestamping without funny merged-mining. Keep and distribute actual data outside the chain. Using existing DNS servers, or via p2p gossip protocol, or on known servers like torrent trackers, or any mix of those.

2. Start with a one or several of actual new services that sell idea "you own your identity". In other words, your login will be fully interoperable between multiple services, just like your domain name is separate from physical IP address. Except, it's totally yours (FBI cannot seize it) and your identity cannot be spoofed via root certificates.

3. This service (or services) will provide initial usefulness to such name system and fill it with early users, even if they don't care about such system themselves. They can also agree to implement a "bootstrap period" when only signed names are valid (keys will belong to such services). This is to prevent cybersquatting. It's similar to how App.net started giving usernames to existing Twitter users during some bootstrap period to make platform more attractive by guaranteeing your name to be preserved.

Economically, it will play out like this: if services are giving out names unfairly, people in general will not recognize this name system as global one. This does not hurt anyone, just does not take off. But if the names are given out "fairly" (as perceived by people), then it may grow outside initial services (other services will recognize it). E.g. "oleganza" and "apple" are not given to random dudes, but to those who display ownership of such names in a reasonable name space (e.g. DNS, twitter, facebook, google+, trademark bureau etc.)

The bootstrap period can be limited by the protocol. E.g. after block number XXXXX no one checks if the signature of the name is valid. This way people will see that it's guaranteed that original name registrars are not going to wait till network takes off and then charge monopolistic prices. Secret keys held by registrars will not allow revoking the name, only registering it for the first time. Once it's given to you, it's fully yours. If the secret keys leak, then it's equivalent to an end of bootstrap period. If it's too early, it might attract cybersquatters and make the scheme less interesting to everyone. We may use N-out-of-M signing scheme to prevent single registrars from accidents. Bootstrap registration can scale by adding extra registrars with good reputation and incentives to support the cause.

Names will require heartbeat transactions. If you lose your keys to your name and do not update (ping) it within, say, 1 year, it becomes free to anyone to claim (during bootstrap period it should still be given out by a registrar).

To distribute the data, we can imagine a payment protocol using BTC: you pay nodes to store and propagate your name data to other nodes. This way you will sponsor directly most efficient guys who will keep all clients up to date. "Semi-trusted" nodes will emerge that will validate data for users, without them having to check blockchain themselves. Client apps can request short blockchain excerpts to validate correctness of name history, or talk to several independent nodes and compare results.

[oleganza]

In result, it may take off provided:

1. We have all necessary software ready for a particular standard implementation. All necessary libraries in nice C and a couple extra languages, plus a couple of nice end-user apps that allow managing this stuff.

2. Names are given out fairly.

3. Names are given out cheaply enough (or for free, as a part of a service bill).

4. Bootstrap period is chosen correctly (not too short to avoid squatters, not too long to have FUD about oppressive monopoly)

5. We have at lease one nice service that implements this scheme from the start. Even better, if there are two services that use the same standard.

Having those 5 points we can release the protocol and software and go inviting more services to join it and seek for extra trustable registrars to improve credibility. If it goes well, we can build a true single replacement for all name registries around the world which will fix issues with SSL, disable censorship, wipe out international trademark mess and other related issues.

PS. I don't see this system as a thing in itself that will allow making some significant amount of money to anyone. It is decentralized uncontrollable network, after all. Data-storage nodes will make some money, but mostly to cover up expenses (there will be huge open competition among them). The way to make meaningful money is to provide unique services that may use this name system as one of the selling points. If they charge too much for participating in such naming scheme, it only detracts customers and won't help the system to take off. So it's mostly semi-charitable auxiliary service, but with wonderful side effects to everyone's satisfaction.

[domob]

I even have some ideas how to solve cybersquatting issue if we are to build a name system to build alternative to DNS, trademark registries etc.

Are you talking about Namecoin?  Of course, there it is "first come, first serve" with registering names, so maybe the problem you want to solve is there still.  But what about applying your ideas to Namecoin (and discussing with the community whether they like them or not)?

No, namecoin takes wrong approach (imho). First problem: it started with its own blockchain (however they realised they'll never convince ppl to mine as hard as BTC, so they essentially thrown it away via merged mining). Economically, only one blockchain will ever be considerably big, while all others — realm of the hobbyists. Second problem: they propose new registry for names when many people already got some names used, but do not address cybersquatting in any way. If anyone suggests a more "fair" scheme, it might be more viable.

I know already you would like to use the Bitcoin blockchain for everything, and I disagree here.  In my opinion, merge-mining the a good idea, and also economically of advantage.  Regarding your "second problem", I do not see how this can be addressed without centralised authorities (see also below).  Thus apart from your wish of only one blockchain and no merge-mining, I fail to see what else namecoin does wrong and how your system would really be any different.

My suggestion for a name system:

0. Think of it as a global name system, not only "domain name" system. For usernames, website names, trademarks, anything.

Namecoin does this.

1. Use bitcoin blockchain for timestamping without funny merged-mining. Keep and distribute actual data outside the chain. Using existing DNS servers, or via p2p gossip protocol, or on known servers like torrent trackers, or any mix of those.

It seems to me you mix two issues here.  The first is about merge-mining or not, and I think it simply won't be possible to find a consensus whether or not that should be done.  Thus I leave it out for now.  The second is that you seem to imply (please correct me if I get it wrong) that existing DNS servers or similar should be used to access the system.  I probably don't understand how you want to do this in detail, but what would then be the advantage of using a "namecoin-like" (or in general P2P) system, if you in the end still use centralised servers to do name resolving?

2. Start with a one or several of actual new services that sell idea "you own your identity". In other words, your login will be fully interoperable between multiple services, just like your domain name is separate from physical IP address. Except, it's totally yours (FBI cannot seize it) and your identity cannot be spoofed via root certificates.

Sounds like OpenID to me.  If we implement support of login via signing with the private key of your name (or where your name data holds a public key used for login) at service providers, this sounds like a good idea.  But is has nothing to do with namecoin or a different system, rather the ball is with service providers to implement this kind of login.

3. This service (or services) will provide initial usefulness to such name system and fill it with early users, even if they don't care about such system themselves. They can also agree to implement a "bootstrap period" when only signed names are valid (keys will belong to such services). This is to prevent cybersquatting. It's similar to how App.net started giving usernames to existing Twitter users during some bootstrap period to make platform more attractive by guaranteeing your name to be preserved.

I see, which is basically using centralised authorities again (if only during the "bootstrap period").  Who will be those authorities, and how will they decide who is entitled to a name?  What if they disagree, will then again that person win who first registers his or her name with a valid signature?  I think I remember that Apple had problems getting "iPad" (or was it some other i-name?) trademarked in China, because a small company had already registered that name years ago.  They resolved it eventually, IIRC, but what would happen in your system if both claim the name?  Presumably there wouldn't really be any fair way to say why US trademarks should be go in before Chinese ones (or vice versa), and why (for instance) US authorities will have signing keys and not Chinese ones.

[oleganza]

Thanks for your comments.

Let me back up a little and explain my perspective on Names vs. Coins. Maybe it'll help understanding what I'm up to.

1. Every coin is the same as any other one. If you don't mine this coin, you can always mine some other one. You can lose some coins forever without much worry — you'll have identical coins somewhere else.

2. Names are unique and personal. Some people put a lot of meaning in certain names. For me "Oleg Andreev" is very personal name which my friends use to identify me, while "John Doe" means almost nothing to me (but may mean something to someone else). Names have different value as perceived by different people. Probably no one would want to squat my name to sell it to me, but they sure would want to squat some well-known name like McDonalds. No program can know which names are more valuable and which are less.

3. For a truly decentralized name system there must be a way to "own" a name available for everyone. Every user can see who owns certain name and any user can be an owner of some name. This is essential to eliminate trust in any single authority like SSL CA or DNS registrar. Both Namecoin and my suggestion are doing exactly that: once you own the name, no one can spoof it and everyone can validate it.

4. The second requirement for decentralization is ability for everyone to register any available name without going to any authority. If I want a name "olegandreev12345" and it's not taken, I'd love to simply claim it and move on with my business. This what we all want in an ideal (or, long-term) scenario. Also, it must have as little friction as possible. I don't want to "mine" a name. It will not protect anyone from squatting, but will only add useless overhead.

5. As I said earlier, all names are valued differently and mean different things to different people. To get from the current state of affairs to the working stable state of global name system with millions of names, we need to deal with human nature. In other words, we need to figure out how to avoid a dead-end and earn the trust of users in the system.

I see two ways to do it:

1. Either anyone can register anything without control (with or without "mining" anything).
2. Or there is a short-term bootstrap scheme to censor "unfair" squatting to increase credibility of the network. But still allow unstoppable ownership, editing and selling of the names.

First approach is the most easy one, but I bet it will never work. As soon as it starts taking off meaningfully, anyone would be able to squat valuable names and get to a situation when many good names belong to resellers. Free market argument does not really apply here because within a single name (e.g. "McDonalds") there is always one reseller. Even if he competes with another guy who squatted "Burger King", for McDonalds it does not matter, they want *their* name, not *any* name (unlike with money units).

Perfect fairness is never possible. There are tons of Oleg Andreevs in the world and any one of them can claim "fair" ownership of that name. But if I have to compete only with other Oleg Andreevs, it highly increases my chances of getting what I want and even if I lose, I will see that all other names are taken by more or less appropriate owners. So the whole thing makes sense and does not look like a chaotic reseller territory.

Registrars will decide on a basis of the "most fair" perception by the market. If they benefit from "Apple" being given to Apple inc., not to Apple Corps, then they'll give it to Apple inc. It may piss off some people, but probably would piss of more people otherwise. If registrars try to piss off as little amount of people as possible, it will grow. If not, it's not a big deal, it will leave room for some other protocol. Either legacy one, or a more "fair" one, or Namecoin, or something else.

Again: in the long run free decentralized registration makes sense only when all established names are already in possession of the people associated with them. E.g. when McDo owns "McDo", Apple owns "Apple" etc. In other words, free land grab is okay with everyone when everyone already has at least their own personal name. But to get to this condition, we probably need some intermediate decision-maker (but he won't be able to censor your use of the name after you got it: you can edit it, sell it, etc).

If you have a better suggestion to avoid chaotic squatting, let me know.

PS. I don't care much about how to distribute metadata. It could go via any sorts of servers, as I mentioned. I just need to use the main blockchain as the most robust ledger to timestamp the data. It's an interesting technical discussion, but is probably irrelevant to the core problem of achieving network effect in claiming the names.

[domob]

1. Either anyone can register anything without control (with or without "mining" anything).
2. Or there is a short-term bootstrap scheme to censor "unfair" squatting to increase credibility of the network. But still allow unstoppable ownership, editing and selling of the names.

Yes of course, I understand the problem of squatting.  In fact, it seems that for namecoin a real lot of interesting names is already taken (and presumably not by those who would be entitled to the name by the understanding of most people).  Actually I'm interested myself in a particular name for its meaning and had to find out that someone seems to own almost all three-letter names I tried (curious, after finding the particular one already taken).

I don't think however that any system of bootstrapping can ever solve the problem really meaningfully.  Namecoin had its own (which very expensive names at the beginning), but squatters came later now that names are quite cheap but still namecoin is not in popular use and thus the names were still free.  But the same will also be a problem if  you create your own system.  How do you define the bootstrap period?  What if the system is gaining popularity, but after it is still not so popular that everyone had arguably a "fair chance" to get his/her preferred name?  In fact, I would not even say that with Bitcoin anyone on the planet (or in developed countries) had yet its fair chance to get hold of some, because it is still known to very few people as far as my experience goes.  So would you make your bootstrap period 10 years in order to provide more time than with Bitcoin?  That seems not very practical.  Would you put instead a lot of marketing into it, such that everyone knew you were going to allow "bootstrap registration" for the coming year?

Furthermore, I'm personally not even convinced that namecoin or such a naming system would have to become the "main" system of naming in the future.  IMHO, the current DNS system (possibly with SSL certificate keys stored in the DNS report already to help with problems of CA trust) works rather well for most entities that you refer to.  I don't think that McDonalds or Apple or any other major corporation, that could be a target of squatting, will need to use .bit domains instead of central registry .com ones in the near future.  Where I see the potential in namecoin (or a competing decentralised system) is in fighting censorship (think Wikileaks or the Pirate Bay) as well as allowing ordinary people to register a personal name with their GPG key or something.  Also, I think for entities even in greater danger and thus operating a Tor hidden service, the tor/ namespace in namecoin could be useful to establish a trusted link to the correct .onion address.  For those I don't think that squatting is a big problem - sure, someone could register my (or your) name.  But who will do that?  If I wanted to make money by squatting names, I surely would not register random names off Facebook or other sites in the hopes that the person behind would buy it off me.  IMHO that makes only sense with "big" names like recognized brands.

[OnkelPaul]

But if the names are given out "fairly" (as perceived by people), then it may grow outside initial services (other services will recognize it). E.g. "oleganza" and "apple" are not given to random dudes, but to those who display ownership of such names in a reasonable name space (e.g. DNS, twitter, facebook, google+, trademark bureau etc.)

The problem with names is that they are context-dependent. "apple" is associated so heavily with that one corporation that we would probably not think of another one, but what about "orange"? There's a mobile communications company, a mountain bike maker, a manufacturer of guitar amps, and many many more. Who gets the name if the names should be given out "fairly"?
What about my forum nickname? I selected it on a whim, my real name is not Paul (but I'm an uncle, so it's at least not 100% deceptive). Do I still have a right to the name? Now I'm not a forum celebrity, so maybe nobody would care, but what about others? Within this forum (and in a number of other contextst), "jgarzik" is well known, and nobody would challenge Jeff's ownership of the name, but outside of the bitcoin world probably nobody would associate the nickname with him, so would he be considered "a random dude" when it comes to registering the name?

The very concept of "owning" a name is broken (this applies to the domain name system as well, at least to the flattened version that has evolved - a hierarchical name system might work better). You own your identity, and others may refer to you by name, and when you introduce yourself you will tell them by which name they should address you, but that does not mean that you own that name.

Onkel Paul

[oleganza]

The very concept of "owning" a name is broken (this applies to the domain name system as well, at least to the flattened version that has evolved - a hierarchical name system might work better). You own your identity, and others may refer to you by name, and when you introduce yourself you will tell them by which name they should address you, but that does not mean that you own that name.

I use "own" not in a moral sense (like "I have a moral right to this name and will go to court to claim it"), but in a sense of global naming system. In some cases we are okay with local name systems (an address book), in others we would love to have easy to use global ID. Not UUID, but something like "www.mything.com". It is important because it allows us to talk about the same thing and easily check identity. I as a consumer do not care if the Apple website is apple.com or appleinc.com, I just care that it is not d6e58d64-ce2b-f60e-2ce9-20e5eef3b0f6 which is impossible to verify or express verbally. I'm not arguing we can't leave without global names at all (if UI is done right, even UUIDs, like BTC addresses can be quite usable), but it would be kinda nice to have global names to stay on the same page. It also applies to trademarks that surround us. If we all can peacefully agree that Bob uses "McDonalds", then we won't have to argue who has right for what. The first one to register is the winner.

I agree with domob that it might be interesting as an extra registry, on the same level as DNS and others. It would be useful even in that way.

But here's another idea: imagine for a second that, for instance, I register all .com names in my fancy protocol and give them out only to proper owners. So there is zero possibility of squatting. (Bonus track: I may decide not to give those names right away to current squatters.) This way, if everyone agrees that only proper owners are holding new names, they can slowly ditch central authority registries in favor of blockchain-based registry. All the newer names will be free to register after giveaway. So everyone has the same names, but now has full control over them without NSA spoofing VeriSign certificates or censorship. Isn't this outcome worth something to every name holder? The question is only how exactly to execute such transition so it does not come to dead end.

[oleganza]

The problem with names is that they are context-dependent. "apple" is associated so heavily with that one corporation that we would probably not think of another one, but what about "orange"? There's a mobile communications company, a mountain bike maker, a manufacturer of guitar amps, and many many more. Who gets the name if the names should be given out "fairly"?

You cannot please everyone, but you can minimize unhappiness. If you try giving "Orange" to those who are supported by economic majority (or already have "orange.com" name, for instance), then you will have less voices saying you are not "fair". The open question is whether the system takes off even in the best possible scenario. My bet it is quite possible provided the system is a *part* of authentication on some popular service(s). E.g. if instead of OpenID, some big guys like Google or Twitter, accept such a system and validate initial registrations, then it might grow bigger than them. Or you make your start-up super popular and have this as an authentication. Others may or may not accept it themselves. So it will be parallel to existing names, some people won't get nice names, but overall there will be "honest distribution".

Again, I'm not trying to prove a philosophical point here, just wondering about economics of name registration and figuring out a most pleasant way to establish a global registry without too many people being upset.

[kjj]

The notion of "you own your name" is totally incompatible with any sort of anti-squatting system.

Namecoin actually works very well.  I think you are too quick to dismiss it.

[oleganza]

The notion of "you own your name" is totally incompatible with any sort of anti-squatting system.

I'm not preventing anti-squatting for a sake of it. I want to manage it only during a bootstrap period, so people can jump on the registry easily. When it's taken off and most names are picked by existing "owners", it's a totally free market and you can squat the hell out of it.