Post on 12-Mar-2020
The Missing Piece: On Namespace Management in NDN and How DNSSEC Might Help
Pouyan Fotouhi Tehrani¹, Eric Osterweil², Jochen Schiller³, Thomas C. Schmidt⁴, Matthias Wählisch³
¹Weizenbaum Institut / Fraunhofer FOKUS, ²George Mason University, ³Freie Universität Berlin, ⁴Hamburg University of Applied Sciences
September 25, 2019
Benjamin Franklin
usatoday.com.co  bloomberg.ma
Oh, what a tangled web we weave, when first we practice to deceive!
– William Shakespeare
Walter Scott
HOLD UP!
Isn’t that what NDN DNS (NDNS) [Afanasyev, 2013] does?
... or even CCN Key Resolution Service (CCN-KRS) [Mahadevan, 2014]?
JAIN!
YES. Technical aspects:
- Self-certifying names
- Trusted third parties (TTP)
- ...
NO. Non-technical aspects:
- Trademarks
- Legal disputes
- ...
* Graphics licensed under CC-BY 4.0 – Twitter, Inc and other contributors
Internet Phone Book
How entries are entered and read from phonebook. IETF for DNS
How to decide what names should be entered in the phonebook. ICANN for DNS
Often contentious...
But, why did we wind up needing this (for DNS)?
But, why did we wind up needing this for (global) naming?
[Figure: domain names (#) by year, 1985–2020, logarithmic axis from 10^3 to 10^10, labels "RFC 1296" and "ISC"; second axis: dispute cases before WIPO (#), 0–4000]
1983: RFC 882
1987: RFC 1034
.com boom
1994: RFC 1591: “It is up to the requestor to be sure he is not violating anyone else’s Trademark.”
1996: First court ruling in Germany: Domain names are comparable to “telephone numbers, bank routing numbers or postal codes.”
1997: Initiating DNS Privatization
1997: Court ruling in Germany: Domain names indicate origin and can be related to natural and legal persons.
1998: ICANN Green/White Paper
1999: UDRP Launch
2003: RFC 3467: “Increasing commercialization of the Internet, and visibility of domain names that are assumed to match names of companies or products, has turned the DNS and DNS names into a trademark battleground.”
2006: RFC 4367: “[...] there has been a strong demand to acquire names that have significance to people, through equivalence to registered trademarks, company names, types of services, and so on. There is a danger in this trend [...]”
Lessons learnt:
1. Names are not just labels used to identify things, they require policy and context.
2. If ICN is to experience its own boom, holistic namespace management is required.
Agenda
Introduction
Namespace Management in ICN
NDNSSEC: NDN + DNSSEC
Conclusion and Research Roadmap
Namespace Management Concept: Generic ICN
- ICN Namespace N, divided into zones: Zone Z_i ∈ Z
- Zone Owner: manages the zone, authorizes Producers
- Producers: provision under the zone
NDNSSEC
DNS Zone Space
.
com.  org.
ietf.org.
tools.ietf.org.
Excerpt of DNS zone records:
tools.ietf.org 1800 IN RRSIG DNSKEY 7 2 1800 ...
tools.ietf.org 1800 IN DNSKEY 256 3 6 ...
tools.ietf.org 1800 IN DNSKEY 257 3 7 ...

NDNSSEC: DNS Zone Appropriation for NDN
ndnified DNS Zone Space
/
/com  /org
/org/ietf
/org/ietf/tools

NDNSSEC: Producer Authorization
- Producer provides credentials to Zone Owner
- Zone Owner enlists credentials in the zone:
tools.ietf.org 1800 IN DNSKEY XXX X X ...

NDNSSEC: Data Publishing
- Producer's Data Packet: /html/rfc882 (Meta Info, Content)
- prefix w/ zone apex: /org/ietf/tools/html/rfc882
- sign: Data Packet /org/ietf/tools/html/rfc882 (Meta Info, Content, Signature)
- register on NDN

NDNSSEC: Producer Authentication
- Consumer retrieves Data Packet /org/ietf/tools/html/rfc882 (Meta Info, Content, Signature)
- Consumer fetches credentials
- Consumer verifies signature
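The naming side of the NDNSSEC steps above, as an added example that is not from the slides or the authors' prototype: it maps DNS zone names to NDN prefixes, builds the published name from the zone apex, and finds which zone's DNSKEY set a consumer must consult for a given Data Packet name. Function names, the zone table and the key strings are assumptions made for illustration.

```python
# Added example: NDNSSEC name mapping and producer-key lookup.
# Zone contents and key strings below are constructed placeholders.

def dns_to_ndn(dns_name):
    """tools.ietf.org. -> /org/ietf/tools (labels reversed; root is '/')."""
    labels = [l for l in dns_name.lower().rstrip(".").split(".") if l]
    return "/" + "/".join(reversed(labels))

def ndn_to_dns(ndn_name):
    """/org/ietf/tools -> tools.ietf.org. (owner name to query for DNSKEY)."""
    comps = [c for c in ndn_name.split("/") if c]
    return ".".join(reversed(comps)) + "."

def publish_name(zone_apex_dns, local_name):
    """Producer side: prefix the local name with the ndnified zone apex."""
    return dns_to_ndn(zone_apex_dns).rstrip("/") + "/" + local_name.strip("/")

def enclosing_zone(data_name, zones):
    """Consumer side: deepest zone apex that prefixes data_name.

    Matching is per name component, so /org/ietf/toolsmith is NOT treated
    as being inside /org/ietf/tools (a plain string-prefix test would be).
    """
    comps = [c for c in data_name.split("/") if c]
    for n in range(len(comps), -1, -1):
        candidate = "/" + "/".join(comps[:n])
        if candidate in zones:
            return candidate
    return None

def producer_authorized(data_name, signer_key, zones):
    """Assumption: only the closest enclosing zone's DNSKEY set counts.

    A real consumer would first validate that DNSKEY set (RRSIG, chain of
    trust) and then verify the Data Packet signature with the matched key.
    """
    zone = enclosing_zone(data_name, zones)
    return zone is not None and signer_key in zones[zone]

# Constructed zone data: ndnified apex -> enlisted DNSKEY public keys.
ZONES = {
    dns_to_ndn("ietf.org."): {"KEY-ietf"},
    dns_to_ndn("tools.ietf.org."): {"KEY-tools-zsk", "KEY-tools-ksk", "KEY-producer"},
}

if __name__ == "__main__":
    name = publish_name("tools.ietf.org.", "/html/rfc882")
    print(name, ndn_to_dns(enclosing_zone(name, ZONES)),
          producer_authorized(name, "KEY-producer", ZONES))
```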
Conclusion and Research Roadmap
Multi-stakeholder scenarios require namespace management.
Where we are
- Ecosystem to globally manage and secure names (based on DNS)
- Prototype to synergize with NDN
Where we want to be
- DNS data w/o DNS transport
- Evaluate performance and feasibility (synchronization disparities, etc.)