I am looking at the web page of the P2P “Open NIC” project: http://wiki.opennicproject.org/dotP2PTLD.
They intend to create a DNS registry for P2P names. I am sure that they are
well intentioned, but I can help thinking that there is a contradiction between
the goal of “independence from authority” and the means of “let’s create a
virtuous central registry.” The central registry is a single point of failure, interference
by governments being one of many failure modes.
In a true P2P system, we want participants to be able to
create names “at will.” But there is a problem. What if two participants decide
to register the same name? How do we decide who gets to use that name? How do
we even know that two parties are trying to use the same name?
We could of course try to use the name system itself to “resolve
the collisions.” A participant chooses a name, but before using it checks
whether that name is already in use. That is certainly good practice, but it is
not failure proof. For example, two participants could create the same name at
the same time, and not find out until later. A partial failure of the system at
the time of the check would also prevent the participant to find out that the
name already exists.
In PNRP, we only solved that problem by allowing multiple
nodes to publish the same name. We introduced the concept of a “name instance,”
i.e. a combination of a name and an instance number. There can be multiple
nodes publishing the same name, but each name and instance number pair is
unique. Our initial idea was to use IPv6 addresses as the instance number, which
guarantees that the instances are unique.
Of course, instance numbers are not sufficient to guarantee
that there is only one “owner” for a name. We only solved that in PNRP for the “secure”
names, derived from a public key. Only the owner of the public key, or a node
authorized by that owner, can publish the name. In PNRP, we tied names to keys
by making the name a hash of the key. These names are thus very large random
numbers, so large that having a collision is extremely unlikely. But it also
limits their use to specific applications.
I am pretty sure that we could rework the “secure
name” idea to work in a P2P DNS environment. The big question is, can we do
that without maintaining a central registry?
Christian Huitema 
So by your suggestion, if a browser is sent to $VENDOR site, it will probably (because of spammers or attackers) obtain several IP addresses, and it should select one among those signed by a trusted party. Right?
Then what is the process for signing ($VENDOR, $ADDRESS) pairs? Do we rely on Verisign & friends again, or do you suggest another scheme?
This is a huge problem — how to prevent spoofing in P2P name services. Also, P2P name resolution needs protection against the “sybil attack.” But first, we need to think hard about what a name is. Please allow me some time to write it up!
Hello, Christian! Thanks for taking the time to mention OpenNIC on your blog. I just wanted to offer up one small correction: We were actually approached by NovaKing as part of his efforts to develop a decentralized p2p DNS. The intention is, and always has been, to utilize the existing infrastructure of OpenNIC until such time that the p2p decentralized DNS project can support itself with its own infrastructure.
–Brian
I notice the mention of the “.key” initiative on the dot-p2p page. Personally, I find that much more interesting than the P2P replication of a centralized register.