2013-wachs-feasibility
findings extracted from this paper
-
A browser-history survey found that approximately 8% of domain name resolutions involved typing in a genuinely new domain not reachable via an existing link, meaning a SDSI/petname delegation-based name system could serve roughly 92% of real-world Web navigation without requiring any out-of-band key exchange.
-
In a DHT-based censorship-resistant name system, poisoning attacks (injecting invalid mappings) are neutralized by requiring signature verification on stored values; eclipse attacks (isolating specific mappings from the network) require replication across multiple DHT nodes. Critically, decentralizing lookups from a single ISP resolver to a DHT shifts query visibility from ISPs to arbitrary peers, requiring per-query encryption keyed to secrets known only to the querying client to limit adversaries to confirmation attacks.
-
DNSSEC's hierarchical delegation structure provides no protection against state-level censors: governments can legally compel top-level domain operators to alter records, and coerced results still validate because they are signed by the coerced-but-technically-legitimate authority — making end-to-end DNSSEC security insufficient to detect such attacks.
-
Pseudo-TLDs (e.g., '.key' for cryptographic-identifier namespaces, '.pet' for petname systems) allow multiple censorship-resistant name systems with distinct security trade-offs to coexist transparently alongside DNS via Name Service Switch configuration, with system-specific resolution logic applied per TLD and no application reconfiguration required by users.
-
In an adversary model where the censor may hold more computational power than all honest nodes combined, a squatting attack lets the adversary enumerate and pre-register every memorable name, formally proving it is impossible to simultaneously achieve memorable, secure, and global names in a single name system (Zooko's triangle).