This is a really good intro to petnames. I was immediately struck by the utility of this when I first heard of them (20-ish years ago?) and I’ve incorporated them into my perennially-unready Tendril P2P social network.
A “petname system” is a database and a set of interfaces which use that database to bidirectionally map human readable names to cryptographically secure names.
OK, each user will have a secure database which maps unique IDs to human-readable aliases.
Where does that database live? It definitely can’t live on any specific device, because I (as a user) have many devices, all of which need to have the same “petname resolution” behavior.
So this means the database needs to live at some third-party endpoint, which all of my devices can access. This (necessarily!) represents a delegation of trust.
And I’m definitely not going to run my own petname database, I’m going to outsource that work to a hosting provider. So then what is the difference between this outcome and, basically, DNS? The trust model is more or less the same, isn’t it?
A petnames database hosted for you somewhere requires trusting fewer people and machines. With DNS you delegate trust to the whole unencrypted path between your machine and the authoritative nameserver for whatever domain you want to reach.
You could also encrypt your database and then so long as you trust your software you could trust that your petname host could only do denial of service and rollback attacks rather than just feeding you arbitrary names.
Same for other sources of petnames, if they’re signed then they can be significantly higher trust than DNS.
My petname database is stored locally on devices I own and replicated across my devices.
Data doesn’t have to be centralized in order to be accessible from more than one location. Decentralized systems have existed for decades, and interest in them is growing. The Petnames paper introduces one small part of that, which is decentralized naming systems.
The reason my ad-hoc system is not as convenient as storing all my personal information in the Apple or Google cloud is due to the economic incentives of capitalists for whom “personal information is the new oil”. They can pump a lot of money into software with a polished UI, and they call sell hardware with that software preinstalled.
But I am hoping to transition to more convenient and easy to use software that is private and local-first. There are a number of projects. Today I am planning to dive into <anytype.io> and see if that meets my requirements. Please reply if you have opinions or experience with private, local-first, decentralized personal computing software.
I am poking this problem space right now and there seem to be a mountain of unexplored territory, both in the abstract with how names, namespaces and taxonomies work to link together abstractions, but also in the technical and HCI – simply because DNS just is the go-to hierarchical solution and much of P2P tried to avoid user addressable entities in favour of data-driven search or juggling primitives (e.g. magnet links).
As part of a nlnet sponsorship I am working on A12 where the constraints are such that DNS is not an option (e.g. transiently airgapped networks) where fleets of user-facing devices still need to dynamically discover and join together to form a network transparent desktop.
One of the tactics is using petnames at border to/from cryptographic keymaterial then on the protocol level discovery in local broadcast domain from ts,nonce,H(Kpub, Ts, nonce), such as ‘foo’ was discovered or try to connect to ‘bar’. Then on the WAN level forming onion like circuits via rendezvous directories in the open, such as ‘found bar through foo’.
snej | 2 years ago
This is a really good intro to petnames. I was immediately struck by the utility of this when I first heard of them (20-ish years ago?) and I’ve incorporated them into my perennially-unready Tendril P2P social network.
peterbourgon | 2 years ago
OK, each user will have a secure database which maps unique IDs to human-readable aliases.
Where does that database live? It definitely can’t live on any specific device, because I (as a user) have many devices, all of which need to have the same “petname resolution” behavior.
So this means the database needs to live at some third-party endpoint, which all of my devices can access. This (necessarily!) represents a delegation of trust.
And I’m definitely not going to run my own petname database, I’m going to outsource that work to a hosting provider. So then what is the difference between this outcome and, basically, DNS? The trust model is more or less the same, isn’t it?
cmcaine | 2 years ago
A petnames database hosted for you somewhere requires trusting fewer people and machines. With DNS you delegate trust to the whole unencrypted path between your machine and the authoritative nameserver for whatever domain you want to reach.
You could also encrypt your database and then so long as you trust your software you could trust that your petname host could only do denial of service and rollback attacks rather than just feeding you arbitrary names.
Same for other sources of petnames, if they’re signed then they can be significantly higher trust than DNS.
apromixately | 2 years ago
You can store and synchronize with encryption easily if it’s only between your own devices.
peterbourgon | 2 years ago
Are we talking iCloud easy or rsync easy? 😉
doug-moen | 2 years ago
My petname database is stored locally on devices I own and replicated across my devices.
Data doesn’t have to be centralized in order to be accessible from more than one location. Decentralized systems have existed for decades, and interest in them is growing. The Petnames paper introduces one small part of that, which is decentralized naming systems.
The reason my ad-hoc system is not as convenient as storing all my personal information in the Apple or Google cloud is due to the economic incentives of capitalists for whom “personal information is the new oil”. They can pump a lot of money into software with a polished UI, and they call sell hardware with that software preinstalled.
But I am hoping to transition to more convenient and easy to use software that is private and local-first. There are a number of projects. Today I am planning to dive into <anytype.io> and see if that meets my requirements. Please reply if you have opinions or experience with private, local-first, decentralized personal computing software.
crazyloglad | 2 years ago
I am poking this problem space right now and there seem to be a mountain of unexplored territory, both in the abstract with how names, namespaces and taxonomies work to link together abstractions, but also in the technical and HCI – simply because DNS just is the go-to hierarchical solution and much of P2P tried to avoid user addressable entities in favour of data-driven search or juggling primitives (e.g. magnet links).
As part of a nlnet sponsorship I am working on A12 where the constraints are such that DNS is not an option (e.g. transiently airgapped networks) where fleets of user-facing devices still need to dynamically discover and join together to form a network transparent desktop.
One of the tactics is using petnames at border to/from cryptographic keymaterial then on the protocol level discovery in local broadcast domain from ts,nonce,H(Kpub, Ts, nonce), such as ‘foo’ was discovered or try to connect to ‘bar’. Then on the WAN level forming onion like circuits via rendezvous directories in the open, such as ‘found bar through foo’.