Emerging Trends in DNS Provenance, IoT, Blockchain
Domain Name Registrar

Emerging Trends in DNS Provenance, IoT, Blockchain
2019 Middle East DNS Forum
Dubai, UAE
Tom Barrett

About EnCirca
• Formed in 2001 in Boston, USA
• ICANN Accredited Registrar
• Partner to TLD Registries
• Restricted and regulated TLDs
• White-labelled Storefronts for DotBrand and regulated registries
• Validation Provider for .BANK and six other TLDs
• Blockchain integration for .LUXE, XYZ
• Blockchain-only TLDs

Emerging Trends in DNS
• Terms and Acronyms
• ICANN’s Mission vs. DNS Innovation
• Trend 1: Provenance
• Trend 2: Internet of Things
• Trend 3: Blockchain
• Could Blockchain Replace DNS?

DNS – Domain Name System
The Internet's system for converting alphabetic names into numeric IP addresses. For example, when a Web address (URL) is typed into a browser, DNS name servers return the IP address of the Web server associated with that name.

RFC – Request for Comments
• A formal document from the Internet Engineering Task Force (IETF) that is the result of committee drafting and subsequent review by interested parties.
• Over 8,000 RFCs exist

Top RFC Authors
Top RFC Author    Number
J. Postel         197
M. Rose           61
A. McKenzie       57
J. Reynolds       51
M. McGolghrie     51
S. Crocker        46
R. Braden         43
D. Crocker        40
V. Cerf           39
Y. Rekhter        35

RFCs Pertaining to the DNS

DNS Innovation Via RFCs
• DNSSEC (Domain Name System Security Extensions – 24 RFCs)
• IPv4 (32 bits)
  • 2^32 IP addresses in total: 4,290,000,000
• IPv6 (128 bits)
  • 2^128 Internet addresses: 340,282,366,920,938,000,000,000,000,000,000,000,000
• Internationalized Domain Names (IDNs)
  • 80 language scripts
  • 163 TLDs in root
• DMARC
• HSTS

Provenance
the place of origin or earliest known history of something.
"an orange rug of Iranian provenance"

IoT – Internet of Things
• the network of devices such as vehicles, and home appliances that contain electronics, software, sensors, actuators, and connectivity which allows these things to connect, interact and exchange data.
• The IoT involves extending Internet connectivity beyond standard devices, such as desktops, laptops, smartphones and tablets, to any range of traditionally dumb or non-internet-enabled physical devices and everyday objects. Embedded with technology, these devices can communicate and interact over the Internet, and they can be remotely monitored and controlled.
Source: Wikipedia

Chain of Title

Blockchain
• An open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way
• A growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data
• For use as a distributed ledger, a blockchain is typically managed by a peer-to-peer network collectively adhering to a protocol for inter-node communication and validating new blocks
• Once recorded, the data in any given block cannot be altered retroactively without alteration of all subsequent blocks, which requires consensus of the network majority
Source: Wikipedia

ICANN’s Mission
ICANN’s mission is to help ensure a stable, secure and unified global Internet.

ICANN’s Mission
ICANN’s mission is to help ensure a stable (1998), secure (1998) and unified (2010) global Internet.

Alternative Roots
New.Net (2002)
• Alternative TLDs via DNS hijacking distributed via adware
• Accessible via browser plug-in
• .agent, .arts, .auction, .chat, .church, .club, .family, .free, .game, .golf, .inc, .law, .llc, .llp, .love, .ltd, .med, .mp3, .school, .scifi, .shop, .soc, .sport, .tech, and .video
• At one point it offered .travel, .kids, and .xxx but those were removed when they conflicted with domains proposed to ICANN in the first round of creation of new domain names in the primary root since the early history of the DNS.

DNS Wildcarding
Verisign’s Site Finder (2003)
• Site Finder was a wildcard DNS record for all .com and .net unregistered domain names
• Run by .com and .net top-level domain operator VeriSign for 3 weeks between 15 September 2003 and 4 October 2003.
• Monetized DNS traffic for unregistered domains
• Wait Listing Service provides the ability to “option” a domain name that is already registered. The option-holder then has the ability to have first rights to that domain name if the current registrant should cancel their registration

Email Authentication via DNS
• DMARC = Domain-based Message Authentication, Reporting & Conformance
• Protocol for email authentication, policy and reporting
• Implemented via TXT records in DNS
• Employs SPF and DKIM records to inform Mail Transfer Agents (e.g. Google, AOL, Hotmail, etc.) how to determine the authenticity of the email sender
• Mandated for .BANK and .INSURANCE domain names
• Proposed extension would apply to non-registered domains (https://tools.ietf.org/html/draft-ietf-dmarc-psd-01)

Trend 1: Provenance

TLDs Verifying Provenance
• .MUSEUM (2001)
• .COOP (2001)
• .AERO (2001)
• .PRO (2004)
• .BANK (2014)
• .PHARMACY (2014)
• .REALTOR (2016)
• .ART (2016)

ART.ART RECORDS

How It Works

Art Provenance and Blockchain
• Blockchain-based Registry tracking provenance for art and collectibles
• Christie’s Auction House – Artory
• Portion – Blockchain-only Auction House
• CryptoArt – Digital art traded via cryptocurrencies
• Verisart.com
• CodexProtocol = The World’s Registry for Art & Valuable Collectibles

Trend 2: Internet of Things

IPv6 Makes IoT Possible

A World Exploding with Devices

Geo-Fencing
A geo-fence is a virtual perimeter for a real-world geographic area
A geo-fence could be dynamically generated, as in a radius around a point location, or a geo-fence can be a predefined set of boundaries (such as school zones or neighborhood boundaries)
.PLACE TLD will be exclusively used for Geo-Fencing

The Problem GeoNetwork Solves
Stakeholders: Property Owners; Regulators; Developers and OEMs; App and Device Users
• Multiple stakeholders
• Conflicting rules
• Challenging for apps and devices to follow

How GeoNetwork Works
[Diagram labels: Owners and Regulators; GeoNetwork Platform; Internet of Space; Global Fence Delivery Network; Mobile Apps; GeoNetwork DNS Servers; Government Portals; Global DNS Infrastructure; IoT Devices; SmartFence Database; GeoDomain Registry; Business; Robotics; Individuals; SmartFence Management System; Autonomous Vehicles; Developers]

Fence Delivery Network
• Leverages the DNS (Domain Name System)
• Global coordinate system maps each cubic centimeter (cm³) to an IPv6 address
• Proven, global scale
• Delivers SmartFences using DNSSEC
• Domain names are simple, memorable, meaningful

Multiple Use Cases
Consumer Apps/Devices
• Robotic Lawn Mower
• Home Services
• Pet Tracker
Event Management
• Geolocation-based marketing apps
• Customer behavior within establishment
• Mobile device management
Airspace Management
• Monitor and manage airspace
• Fleet management of autonomous vehicles
• Ramps and runways
Education
• Student attendance
• Access to digital textbooks
• Mobile device management
• Third-party apps

Trend 3: Blockchain

Blockchain Investments

Blockchain
• Blockchain Wallet Example: 0x25313a61bef2cd064a78c19acafcf5d951703a5f
• 41 million Ethereum identifiers
• 99,000 new identifiers have been added every day in 2018
• Many users keep their Ethereum cryptocurrency in Ethereum wallets
• 26 million crypto wallets now in use

Will Traditional DNS Scale?
• Fully distributed IoT devices require a decentralized basis for identity and discovery
• The DNS depends on a centralized trust model that is ultimately dependent on 13 root name servers, which is at odds with the decentralized ethos of open blockchains
• Enter technologies like Blockstack, Namecoin, and blockname
• These systems provide global, decentralized registries of "things" like device identities and keys, enabling more secure bootstrapping of communication and greater trust in the overall network

Decentralized DNS
Namecoin is an experimental open-source technology which improves decentralization, security, censorship resistance, privacy, and speed of certain components of the Internet infrastructure such as DNS and identities. (For the technically minded, Namecoin is a key/value pair registration and transfer system based on the Bitcoin technology.)
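
The hash linking described on the Blockchain slide, applied to a key/value name registry of the kind the Namecoin description refers to, as an added Python example that is not from the original presentation and is not Namecoin's code: the first registration of a name wins, and an edit to an earlier record is detected even after the edited block is re-sealed. The names, owners, addresses and helper functions are constructed for illustration; owners are plain strings with no signatures, and network consensus is not modelled.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first block

def block_hash(block):
    """SHA-256 over the block's canonical JSON, excluding its own hash field."""
    body = {k: block[k] for k in ("timestamp", "prev_hash", "data")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain, timestamp, data):
    prev = chain[-1]["hash"] if chain else GENESIS  # commit to the previous block
    block = {"timestamp": timestamp, "prev_hash": prev, "data": data}
    block["hash"] = block_hash(block)
    chain.append(block)

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return i
        prev = block["hash"]
    return None

def resolve(chain, name):
    """Replay records: first registration wins, later ones need the same owner."""
    if first_invalid(chain) is not None:
        raise ValueError("ledger failed verification")
    owner = value = None
    for block in chain:
        rec = block["data"]  # owner is a plain string (assumption), not a signature
        if rec["name"] == name and owner in (None, rec["owner"]):
            owner, value = rec["owner"], rec["value"]
    return value

def sample_ledger():  # constructed sample data, documentation-range addresses
    chain = []
    append_block(chain, 1000, {"name": "example.bit", "owner": "alice", "value": "192.0.2.10"})
    append_block(chain, 2000, {"name": "example.bit", "owner": "mallory", "value": "203.0.113.66"})
    append_block(chain, 3000, {"name": "example.bit", "owner": "alice", "value": "192.0.2.20"})
    return chain

if __name__ == "__main__":
    ledger = sample_ledger()
    print(resolve(ledger, "example.bit"))       # value after replaying all records
    ledger[0]["data"]["owner"] = "mallory"      # rewrite history in place
    ledger[0]["hash"] = block_hash(ledger[0])   # re-seal the edited block
    print(first_invalid(ledger))                # the next block's link breaks
```
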
- Bitcoin frees money
- Namecoin frees DNS, identities, and other technologies.

Dot BIT
The “problem” with DNS is that these DNS servers are controlled by governments and large corporations, and could abuse their power to censor, hijack, or spy on your Internet usage. This happens on a regular basis across the world, including in countries like China as well as in countries like the United States.

Why does Dot-Bit matter?
Dot-Bit-enabled websites address this issue because instead of the DNS controlled by a corporation or government, the DNS resides on your own computer. Bitcoin technology ensures that