News

Hackers donate 90% of profit to charity 2019/06/13

NGI Zero awarded two EC research and innovation actions 2018/12/01

EC publishes study on Next Generation Internet 2025 2018/10/05

Bob Goudriaan successor of Marc Gauw 2017/10/12

NLnet Labs' Jaap Akkerhuis inducted in Internet Hall of Fame 2017/09/19

 

GNU Name System

[GNU Name System]

Today, the starting point of any discovery on the Internet is the Domain Name System (DNS). DNS suffers from security and privacy issues. The GNU project has developed the GNU Name System (GNS), a fully decentralized, privacy-preserving and end-to-end authenticated name resolution protocol. In this project, we will document the protocol on a bit-level (RFC-style) and create a second independent implementation against the specification. Furthermore, we will simplify the installation by providing proper packages that, when installed, automatically integrate the GNS logic into the operating system.

Why does this actually matter to end users?

Whether you want to look something up online, send an email to a friend or read the morning news, your computer panics and starts asking for help. How does it know where to retrieve or send anything? Luckily, it is connected to the domain name system. This naming system has been translating names users can remember (like ngi.eu or NLnet.nl) into numbers (or with a fancy word: addresses). Your computer has such a unique number itself, but it needs the numbers of the other computers you want to interact with to connect. You probably use domain names every day, whether you type in the address of a website, listen to a podcast or send an email.

It is called a domain name system for a reason, because it comprises more than just a naming convention. Getting a domain name involves talking to a lot of different computers. Your computer or phone basically doesn't know much about the world. One thing it does know, is how to ask that question to other, specialised computers. These computers actually also probably don't know themselves, unless they have recently answered the same question for another user. Names can change really fast for good reasons, so you would need to refresh this data a lot - otherwise users could end up on the wrong computer. The computers you sent your question to, thus pass the question on to other computers - and so forth. After just a few steps, some of the computers that were consulted get parts of the answer we were looking for. And at some point in time, the domain name system will have the entire answer. The magic happens so fast, most people are not even aware how complex this is. For them it "just works". One disadvantage: many other computers have learned something about us, about who we interact with and about our interests - in an neatly labeled way. Someone is connecting to derspiegel.de or globaleaks.com. The more unique your question, the deeper the digging inside the DNS - and the more it stands out.

Domain names are at present an critical component for users, and so also a critical point of failure and a choke point. Without functioning DNS, most people will have a hard time finding basically anything on the network of networks. There have been cases where for instance a Spanish company got their domain name taken away, even thoughwhat they did inside Europe for European citizens was legitimate here. But not in the USA. And since the organisations that handle the .org, .com and .net domain names are based in the USA, these could be forced to remove these names from the DNS.

When DNS was designed, neither security nor resilience was that much of a concern for most users. The internet in its early days was not yet 'open to the public'. This of course has changed dramatically. The massive use of the internet and thereby our dependency on DNS has highlighted very important privacy and security issues with the design of DNS. At present, it is is not always capable of preventing misleading users nor can it prevent some leakage of what users do, who they talk to and where they go.

At a larger schedule, considering resilience with regards to a perfect storm of technical and operational failure: the potential ability to somehow wreck the global DNS is a huge risk for the whole world. Having a redundant backup plan with an entirely different logic is certainly no luxury, but sane disaster prevention.

Instead of finding workarounds or patches to fix the domain name system, the GNU project offers a complete alternative. It offers privacy and security by design with the development of a new naming system that ensures privacy protection and secure connection between people, networks and services. The goal is a future-proof, private and secure system to work and actually make the internet a safer place for users. Inside the project the developers and researchers will lower the barrier to entry of using this technology, provide a meticulous documentation of the underlying protocol and independently check how it works in the real world.

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322. Applications are still open, you can apply today.

Calls

Send in your ideas.
Deadline October 1st, 2019.

 

 
Last update: 2019/05/15