Private/delegated naming system?

Ofc, but then you may not get the name/IP address that you would like. Someone maybe got it before you and is impersonating you to extort from others. Is that useful to users or would they rather use a service which vetted against this sort of thing?

I get that having a single address with no middle men, no trusted 3rd parties, etc is useful - I would never wish to see the network without that either - but unique, memorable names, especially those used by trusted /known organisations, are useful and valuable. It would be great to have both.

Edit: btw, we have things that we don’t normally get when we use safe net. As we can validate the identity of a vault, we can warn the user when it changes. Likewise, we can bookmark the raw name, after resolving the DNS name to ensure we always go to it (why would it ever need to change on safe net?). We just need a hand resolving the URL initially in some cases.

1 Like

Merely a subset of JavaScript would do I guess. I for one am not going to enable a full-featured JavaScript in my SAFE browser, ever.

1 Like

Hiya! Apparently TOR hidden websites are addressed like this:



  • each website has got a binary id perhaps (the hash of) its public key
  • you can use this binary id to access the website

Is MadeSafe going to support something like this?

Perhaps a small signed blob could be stored in DHT nodes XOR-close to the id?
And that blob could reference all webpages of the website or contain some other routing info?

This is what we’re trying to avoid. Without a proper DNS, the odds of mass adoption of SAFE would be severely reduced.

  • not as the main mechanism but as an option?
  • and that is what is going on under the hood anyway, right?

The proposal is that user’s register names (presumably just by creating the appropriate structured data item - and paying for this again presumably at the normal structured data item PUT price, which is about 10x that of other data). Here is the RFC proposal for a Decentralised Naming System

“Extort” means to obtain by force or threat. Clearly it’s impossible to be threatened or forced on SAFE when nobody even knows who you are, let alone how to contact you.

When in doubt that one unreliable service isn’t working properly, you can’t query three unreliable services and pick the name that gets returned by at least two or more. You need one, correct answer. Or else you maybe getting two or three incorrect answers. That is why name resolution is hard. It must be reliable and secure.

That wouldn’t be user friendly (custom) naming that people are calling for.

Hmm, the proposal works on a first come, first serve basis, something most people seem to be against. @catbert is also against that.

Perhaps not the best choice of words. I mean using impersonation to commit fraud.

Too bad Microsoft took the name (
The name Spartan would be very suitable for this SAFE browser.

No JavaScript, static Web pages… That sounds like Gopher! I kind of liked it, but I doubt young generations will drink that Kool Aid.

One could always work in a decentralized reputation system of some kind. Most stores have user feedback options. Even thepiratebay has a comments section on torrents. It’s not exactly difficult to organize user feedback and reputation and if a registar list ended up with malfunctioning links you’d figure someone would start complaining about it and if they didn’t YOU could.

Given the decentralized and anonymity of SAFE, you can’t. This is akin to the “How do I keep from hosting child porn and terrorist content.” meme. You can’t. You have no clue who is hosting your stuff until they actually DO something on SAFE. But again why is this needed information? What does it matter if it’s the NSA or a choir boy? If they’re maintaining a reputable list then it’s usable. If they are not then it gets a bad reputation. The NSA could garner a lot of revenue by just producing good healthy content just like everyone else can.

You can’t know this using the CURRENT DNS system either so what are you complaining about?

Was just about to say this. Why are we obsessing about changes. All these DNS safe names are stored on SAFE somewhere we just need to create our own database of them. What does it matter if the DNS maintainer gets hit by a bus so long as we have a copy of working links in our own database. I’d suggest to prevent nasty DNS issues like broken or misdirected links that one regularly keep copies of each version of the DNS database of their maintainers and verify their links when a DNS maintainer does an update. You don’t need to verify every link on the net, just the one’s you use. If was working before the update and isn’t working after then try using the resolution used by the previous update. If it works you know it’s something in the new update. Just like how sometimes you get glitches in updating a linux distribution and need to use older updates. I’ve had to do more than one reinstall to resolve issues like that. (Ubuntu and Mint can be REALLY annoying that way. My laptop is STILL giving me that issue. I really need to do a reinstall on there.)

Also keep in mind that as registars grow they’ll be harder to maintain. As more broken links and misdirects show up the registar will lose reputation. So a behemoth registar will struggle to maintain it’s reputation because it’ll have to work to verify all it’s links go where they say they do. What happens if someone decides to shut down or sell their site? The little tiny registar will probably notice first. Gargantuan registar? Probably not.

It matters because a bad resolver can send you to a site that pretends to be your favorite stock exchange or Web wallet.

How do you know if a registrar (“Web site”) is reputable?
How do you know if a registrar with bad reputation is actually bad?

With the current DNS system I can (at least for practical purposes). I can directly query the registrar (without going through proxies or delegates) and always see the current, valid result (as well as check when changes were made!).
With multiple registrars that resolve/map aliases to addresses, you can create a mapping on registrar1, it turns out to be a bunch of scumbag hackers, and they don’t let you edit (update, delete) any more. Then you go to registrar2, which is nice and professional, but after collecting 50K names they ask for a small maintenance fee of 5 MAID per update, to cover their expenses.
Now after a while there may be 5 different registrars, each of which has the same alias that sends people to different addresses (and maybe just 1 of 5 has bad reputation).

How do you warn the user? You don’t even know who he is!

Okay, but that’s call “bookmarks” and “bookmark management”, not “private name system” or some fancy new schema for name/alias/DNS management.

Tor users also create bookmarks because it’s hard to remember .onion addresses. This approach doesn’t need to be discussed or developed, the feature is built into every browser.

How do you know if a seller on ebay or amazon has good or bad reputation? How do you know if a product on newegg is good or bad? How do you know if a torrent is good or bad? How do you know if a movie or book is good or bad?

Why would you need to? That’s what blogs, newsletters and other public updates are for.

But that’s what we’re discussing here. Essentially people trading public lists of bookmarks instead of having one big DNS system. What do you think DNS is? It’s a bloody long list of bookmarks! You can type in an ip address and it’ll work just fine but most people don’t want to bother to keep track of those. So what do they do? They use “bookmarks” called domain names. Same thing. You get your nice little safe space, you use the protocol listed above, it spits out a bookmark for your safespace website and you can share it publically. You can in fact build a whole list of bookmarked lists of websites and share those too. And as you go on you can collect lists from others as well.

Easily: I check with eBay.

I already explained this above and it’s very simple: it is in the economic interest of eBay to get ratings and reputation right. So they’re economically motivated to do the right thing, just like my DNS registrar who I pay every month (and can sue their ass off if they illegally modify my DNS settings).

In your case:

  • you have no idea who you’re dealing with,
  • they have no economic motivation to serve you, and
  • you have no way to do anything if they rip you off by sending you to an exchange impostor

It sounds to me like you’ve never managed a Web server.

Hmm, the topic says “Private/delegated naming system”.
Bookmark sharing is certainly doable, but inconvenient and annoying.

Perhaps you should read the OP more thoroughly.

Um what? Seriously all ebay does is provide a platform for users to PROVIDE feedback and reputation on. eBay doesn’t provide any actual reputation or ratings themselves. That’s what they get customers to do for them. Same as on Amazon or any other system. So why do you care who you’re dealing with? Just set up a decentralized DOA reputation system so users can give feedback and reputation on whatever they like and link that to the naming system. If a list admin gained a reputation for suddenly modifying their list without warning their reputation would drop and people would switch away from using their list. You don’t need to know “Who” they are. You know who they are by what they do. They’re the person maintaining the list, perhaps maintaining an awesome list, or perhaps a not so awesome list as the case may be. Their work speaks for itself, their name behind their handle is irrelevant.

“The community” wins again over outdated laws of economics!

Can’t wait to see that system in production!

He will know himself - the resolved address will have changed since he last visited. You can even be cryptographically sure you are connecting to said vault.

SSH clients do something similar when the destination server has changed.

Moreover, you could chain changes like a linked list. If the site is being transferred to a new account, you could decide only to trust it if the previous key was used to sign the change.

This has become impossible to discuss. First there’s this delegated system thing, then a new type of DNS (the RFC thing), then bookmark exchange, and now we’re back to Decentralized Naming System (the RFC).

No they don’t. They compare Public Key returned by the site’s SSH server with Public Key that was obtained before.

SAFE browser would have to be changed so that it does name lookup to this bloated hosts file. The file would always send you to the same SAFE address, that’s for sure, but I already said you can’t possibly do that for all SAFE sites on the network and unlike DNS this service couldn’t be free (because the file has to be GET from the network on a regular basis). And the other weakness (that you implicitly trust host<=>address mappings from strangers) would still be present.

Additionally, as the RFC says, it works on the First Come First Serve basis, which most people on this forum do not support.

I’ve already mentioned all these arguments several times above, but every time there’s a reply by someone who thinks a unique “solution” has been found, and each “proposal” has different weaknesses, so we’ve collected over 30 comments without getting any closer to anything that resembles a workable idea.

That is exactly what I am suggesting.

All right. With SSH that’s done by SSH server.

How do you get a public key from a SAFE Web server? By requiring every server to have a SSL/TLS cert? Issued by who?

Safe net is full of key pairs. The first come, first serve name servers would use signatures to tie a name to an identity (I believe). The point of safe net is that you don’t need issued certificates at all.

As said above, I am not against the proposed name system - it is as good a way as any to address a vault and better than meaningless IP addresses. It lets us securely resolve a vault. Sadly, the common names will be snapped up quickly though, which is why I suspect you will need another layer, just as regular DNS resolves to numeric IP addresses on the regular internet.

Regarding bloated hosts files, I highly doubt that it would be slower than resolving against a remote DNS server, especially as a memory cache will almost always be perfect (as names will seldom change, unlike IP addresses).