[Docs] [txt|pdf|xml] [Tracker] [Email] [Nits]

Versions: 00

Internet Engineering Task Force                              C. Grothoff
Internet-Draft                                                     INRIA
Intended status: Informational                                  M. Wachs
Expires: December 24, 2015              Technische Universitaet Muenchen
                                                            H. Wolf, Ed.
                                                           GNU consensus
                                                            J. Appelbaum
                                                                 L. Ryge
                                                        Tor Project Inc.
                                                           June 30, 2015


                  Special-Use Domain Name for Namecoin
               draft-grothoff-iesg-special-use-p2p-bit-00

Abstract

   This document registers a Special-Use Domain Name for use with the
   Namecoin system, as per RFC6761.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 24, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Grothoff, et al.        Expires December 24, 2015               [Page 1]


Internet-Draft            Special-Use Namecoin                 June 2015


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Applicability . . . . . . . . . . . . . . . . . . . . . . . .   2
   3.  Terminology and Conventions Used in This Document . . . . . .   3
   4.  The "BIT" Timeline System pTLD  . . . . . . . . . . . . . . .   4
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   8
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   The Domain Name System (DNS) is primarily used to map human-memorable
   names to IP addresses, which are used for routing but generally not
   meaningful for humans.

   Namecoin offers a specific timeline-based mechanism to allocate,
   register, manage, and resolve names, independently from the DNS root
   and delegation tree.

   As compatibility with applications using domain names is desired,
   Namecoin uses an exclusive alternative Top-Level Domain to avoid
   conflicts between the Namecoin namespace and the DNS hierarchy.

   In order to avoid interoperability issues with DNS as well as to
   address security and privacy concerns, this document registers the
   Special-Use Domain Names "BIT" for use with Namecoin, as per
   [RFC6761].

   Namecoin (also known as the Dot-Bit Project) uses this pTLD to
   realize censorship-resistant naming.

2.  Applicability

   [RFC6761] Section 3 states:

      "[I]f a domain name has special properties that affect the way
      hardware and software implementations handle the name, that apply
      universally regardless of what network the implementation may be
      connected to, then that domain name may be a candidate for having



Grothoff, et al.        Expires December 24, 2015               [Page 2]


Internet-Draft            Special-Use Namecoin                 June 2015


      the IETF declare it to be a Special-Use Domain Name and specify
      what special treatment implementations should give to that name.
      On the other hand, if declaring a given name to be special would
      result in no change to any implementations, then that suggests
      that the name may not be special in any material way, and it may
      be more appropriate to use the existing DNS mechanisms [RFC1034]
      to provide the desired delegation, data, or lack-of-data, for the
      name in question.  Where the desired behaviour can be achieved via
      the existing domain name registration processes, that process
      should be used.  Reservation of a Special-Use Domain Name is not a
      mechanism for circumventing normal domain name registration
      processes."

   The Special-Use Domain Name for Namecoin reserved by this document
   meets this requirement, as it has the following specificities:

   o  The "BIT" pTLD is not manageable by some designated
      administration.  Instead, it is managed by a P2P protocol using a
      global public ledger.

   o  Namecoin does not depend on the DNS context for their resolution:
      Namecoin domains MAY use the DNS servers infrastructure, as they
      return DNS-compatible results; but it uses specific P2P protocols
      for regular name resolution, covered by the respective protocol
      specifications.

   o  When Namecoin is properly implemented, the implementation MUST
      intercept queries for the pTLD to ensure Namecoin names cannot
      leak into the DNS.

   o  The appropriate pTLD protocols can be implemented in existing
      software libraries and APIs to extend regular DNS operation and
      enable Namecoin name resolution.  However, the default
      hierarchical DNS response to any request to any pTLD MUST be
      NXDOMAIN.

   o  Finally, in order for Namecoin to realize a censorship-resistant
      name system, this document specifies changes required in existing
      DNS software and DNS operations.

3.  Terminology and Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   The word "peer" is used in the meaning of a individual system on the
   network.



Grothoff, et al.        Expires December 24, 2015               [Page 3]


Internet-Draft            Special-Use Namecoin                 June 2015


   The abbreviation "pTLD" is used in this document to mean a pseudo
   Top-Level Domain, i.e., a Special-Use Domain Name per [RFC6761]
   reserved to P2P Systems in this document.  A pTLD is mentioned in
   capitals, and within double quotes to mark the difference with a
   regular DNS gTLD.

   In this document, ".tld" (lowercase, with quotes) means: any domain
   or hostname within the scope of a given pTLD, while .tld (lowercase,
   without quotes) refers to an adjective form.  For example, a
   collection of ".bit" peers in "BIT", but an .bit URL.  [TO REMOVE: in
   the IANA Considerations section, we use the simple .tld format to
   request TLD reservation for consistency with previous RFCs].

   The word "NXDOMAIN" refers to an alternate expression for the "Name
   Error" RCODE as described in section 4.1.1 of [RFC1035].  When
   referring to "NXDOMAIN" and negative caching [RFC2308] response, this
   document means an authoritative (AA=1) name error (RCODE=3) response
   exclusively.

4.  The "BIT" Timeline System pTLD

   Namecoin is a timeline-based system in the style of Bitcoin to create
   a global, secure, and memorable name system.  It creates a single,
   globally accessible, append-only timeline of name registrations.
   Timeline-based systems rely on a peer-to-peer network to manage
   updates and store the timeline.  In the Namecoin system,
   modifications to key-value mapping are attached to transactions which
   are committed to the timeline by "mining".  Mining is a proof-of-work
   calculation that uses brute-force methods to find (partial) hash
   collisions with a state summary (fingerprint) representing the
   complete global state -- including the full history -- of the
   timeline .

   "BIT" provides a name space where names are registered via
   transactions in the Namecoin currency [Namecoin].  Like Bitcoins,
   Namecoins are used to establish a decentralized, multi-party
   consensus on the valid transaction history, and thus the set of
   registered names and their values [SquareZooko].

   The Namecoin used in a transaction to register a name in "BIT" is
   lost.  This is not a fundamental problem as more coins can be
   generated via mining (proof-of-work calculations).  The registration
   cost is set to decrease over time, to prevent early adopters from
   registering too many names.

   The owner of a name can update the associated value by issuing an
   update, which is a transaction that uses a special coin.  This coin




Grothoff, et al.        Expires December 24, 2015               [Page 4]


Internet-Draft            Special-Use Namecoin                 June 2015


   is generated as change during the registration operation.  If a name
   is not updated for a long time, the registration expires.

   Performing a lookup for a name with Namecoin consists in checking the
   timeline for correctness to ensure the validity of the blockchain,
   and traversing it to see if it contains an entry for the desired
   name.  Namecoin supports resolution for other peer-to-peer systems
   such as ".onion" and ".i2p" via specific resource records.

   Like DNS registry, the Dot-Bit registry is public.  But unlike DNS,
   the public registry is maintained by network consensus on the
   blockchain.  It departs from DNS in three ways:

      first, domain names are not delegated to an authority that can
      assign them, but acquired by the operating party (the "domain
      owner"), in the form of a historical claim made directly by
      appending to the Namecoin blockchain.  The domain is thus bound
      not to a legal contract with an administrative authority, but to a
      cryptographic coin, and the network consensus on the timeline.

      second, the timeline contains the entire registry for all .bit
      domains: the Namecoin blockchain itself is the complete domain
      database.  As participant peers maintain the consensus on the
      timeline, they store a local copy of the Namecoin blockchain.
      Therefore, to those peers, name resolution and registry traversal
      are both local and private.  Each participant theoretically has
      the whole domain's database.  In practice, some users can trust a
      name server to access the Namecoin blockchain on their behalf.

      third, the Namecoin system is not limited to domain names and can
      store arbitrary data types.  Each record must follow the same
      rules (expiry time, data size limits, etc.).  The Namecoin's
      Domain Name Specification [Namecoin-DNS] defines the "d namespace"
      for use with "BIT" and other unrelated namespaces co-exist on the
      Namecoin blockchain.

   The "BIT" domain is special in the following ways:

   1.  Users can use these names as they would other domain names,
       entering them anywhere that they would otherwise enter a
       conventional DNS domain name.

       From the user's perspective, the resolution of .bit names is
       similar to the normal DNS resolution, and thus should not affect
       normal usage of most Internet applications.






Grothoff, et al.        Expires December 24, 2015               [Page 5]


Internet-Draft            Special-Use Namecoin                 June 2015


   2.  Application software SHOULD NOT recognize .bit domains as special
       and SHOULD treat them as they would other domains.

       Applications MAY pass requests to the "BIT" pTLD to DNS resolvers
       and libraries if A/AAAA records are desired.  If available, the
       local resolver can intercept such requests within the respective
       operating system hooks and return DNS-compatible results.

       Namecoin-aware applications MAY choose to talk directly to the
       respective P2P resolver, and use this to access additional record
       types that are not defined in DNS.



   3.  Name resolution APIs and libraries SHOULD either respond to
       requests for .bit names by resolving them via the Namecoin
       protocol, or respond with NXDOMAIN.



   4.  Caching DNS servers SHOULD recognize .bit names as special and
       SHOULD NOT attempt to resolve them.  Instead, caching DNS servers
       SHOULD generate immediate negative responses for all such
       queries.

       Given that .bit users typically have no special privacy
       expectations, and those names are globally unique, local caching
       DNS servers MAY choose to treat them as regular domain names, and
       cache the responses obtained from the Namecoin blockchain.  In
       that case however, NXDOMAIN results SHOULD NOT be cached, as new
       .bit domains may become active at any time.



   5.  Authoritative DNS servers are not expected to treat .bit domain
       requests specially.  In practice, they MUST answer with NXDOMAIN,
       as "BIT" is not available via global DNS resolution.



   6.  DNS server operators SHOULD be aware that .bit names are reserved
       for use with Namecoin, and MUST NOT override their resolution
       (e.g., to redirect users to another service or error
       information).







Grothoff, et al.        Expires December 24, 2015               [Page 6]


Internet-Draft            Special-Use Namecoin                 June 2015


   7.  DNS registries/registrars MUST NOT grant any request to register
       .bit names.  This helps avoid conflicts [SAC45].  These names are
       defined by the Namecoin protocol specification, and they fall
       outside the set of names available for allocation by registries/
       registrars.



5.  Security Considerations

   Specific software performs the resolution of Namecoin Special-Use
   Domain Names presented in this document; this resolution process
   happens outside of the scope of DNS.  Leakage of requests to such
   domains to the global operational DNS can cause interception of
   traffic that might be misused to monitor, censor, or abuse the user's
   trust, and lead to privacy issues with potentially tragic
   consequences for the user.

   This document reserves these Top-Level Domain names to minimize the
   possibility of confusion, conflict, and especially privacy risks for
   users.

   In the introduction of this document, there's a requirement that DNS
   operators do not override resolution of the Namecoin names.  This is
   a regulatory measure and cannot prevent such malicious abuse in
   practice.  Its purpose is to limit any information leak that would
   result from incorrectly configured systems, and to avoid that
   resolvers make unnecessary contact to the DNS Root Zone for such
   domains.  Verisign, Inc., as well as several Internet service
   providers (ISPs) have notoriously abused their position to override
   NXDOMAIN responses to their customers in the past
   [SSAC-NXDOMAIN-Abuse].  For example, if a DNS operator would decide
   to override NXDOMAIN and send advertising to leaked .onion sites, the
   information leak to the DNS would extend to the advertising server,
   with unpredictable consequences.  Thus, implementors should be aware
   that any positive response coming from DNS must be considered with
   extra care, as it suggests a leak to DNS has been made, contrary to
   user's privacy expectations.

   The reality of X.509 Certificate Authorities (CAs) creating
   misleading certificates for these pTLDs due to ignorance stresses the
   need to document their special use.  X.509 Certificate Authorities
   MAY create certificates for "BIT", given CSRs signed with the
   respective private keys corresponding to the respective names.  For
   "BIT", the Certificate Authority SHOULD limit the expiration time of
   the certificate to match the registration.





Grothoff, et al.        Expires December 24, 2015               [Page 7]


Internet-Draft            Special-Use Namecoin                 June 2015


   Because the Namecoin system uses a timeline-based blockchain for name
   assignment and resolution, it grants query privacy to the users who
   maintain their own copy of the blockchain (Section 4.4), but the
   entire zone of a .bit domains is publicly available in the Namecoin
   blockchain, making enumeration of names within a .bit zone ("zone
   walking") a trivial attack to conduct.  This might be a concern to
   some domain operators as it exposes their infrastructure to potential
   adversaries.  That concern may be addressed in future versions of
   Namecoin, but the records already in the blockchain will remain there
   unprotected.

   Finally, legacy applications that do not explicitly support the
   Namecoin pTLD significantly increase the risk of ".bit" queries
   escaping to DNS, as they are entirely dependent on the correct
   configuration on the operating system.

6.  IANA Considerations

   The Internet Assigned Numbers Authority (IANA) reserved the following
   entries in the Special-Use Domain Names registry [RFC6761]:

      .bit

   [TO REMOVE: the assignement URL is https://www.iana.org/assignments/
   special-use-domain-names/ ]

7.  Acknowledgements

   The authors thank the I2P and Namecoin developers for their
   constructive feedback, as well as Mark Nottingham for his proof-
   reading and valuable feedback.  The authors also thank the members of
   DNSOP WG for their critiques and suggestions.

8.  References

8.1.  Normative References

   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, November 1987.

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2308]  Andrews, M., "Negative Caching of DNS Queries (DNS
              NCACHE)", RFC 2308, March 1998.



Grothoff, et al.        Expires December 24, 2015               [Page 8]


Internet-Draft            Special-Use Namecoin                 June 2015


   [RFC6761]  Cheshire, S. and M. Krochmal, "Special-Use Domain Names",
              RFC 6761, February 2013.

8.2.  Informative References

   [Namecoin]
              The .bit Project, "Namecoin", 2013,
              <https://namecoin.org/>.

   [Namecoin-DNS]
              The .bit Project, "Namecoin Domain Name Specification",
              2015, <https://bit.namecoin.org/spec>.

   [SAC45]    ICANN Security and Stability Advisory Committee, "Invalid
              Top Level Domain Queries at the Root Level of the Domain
              Name System", November 2010,
              <http://www.icann.org/en/groups/ssac/documents/
              sac-045-en.pdf>.

   [SquareZooko]
              Swartz, A., "Squaring the Triangle: Secure, Decentralized,
              Human-Readable Names", 2011,
              <http://www.aaronsw.com/weblog/squarezooko>.

   [SSAC-NXDOMAIN-Abuse]
              ICANN Security and Stability Advisory Committee,
              "Redirection in the COM and NET Domains", July 2004,
              <http://www.icann.org/committees/security/
              ssac-report-09jul04.pdf>.

Authors' Addresses

   Christian Grothoff
   INRIA
   Equipe Decentralisee
   INRIA Rennes Bretagne Atlantique
   263 avenue du General Leclerc
   Campus Universitaire de Beaulieu
   Rennes, Bretagne  F-35042
   FR

   Email: christian@grothoff.org









Grothoff, et al.        Expires December 24, 2015               [Page 9]


Internet-Draft            Special-Use Namecoin                 June 2015


   Matthias Wachs
   Technische Universitaet Muenchen
   Free Secure Network Systems Group
   Lehrstuhl fuer Netzarchitekturen und Netzdienste
   Boltzmannstrasse 3
   Technische Universitaet Muenchen
   Garching bei Muenchen, Bayern  D-85748
   DE

   Email: wachs@net.in.tum.de


   Hellekin O. Wolf (editor)
   GNU consensus

   Email: hellekin@gnu.org


   Jacob Appelbaum
   Tor Project Inc.

   Email: jacob@appelbaum.net


   Leif Ryge
   Tor Project Inc.

   Email: leif@synthesize.us























Grothoff, et al.        Expires December 24, 2015              [Page 10]


Html markup produced by rfcmarkup 1.128b, available from https://tools.ietf.org/tools/rfcmarkup/