A Discussion About The Future of Internet Naming and Identification

About the Event

26 people met at the 97th IETF meeting in Seoul, KR to discuss the future of Internet Naming and Identification. The purpose of the gathering was to discuss the current state of Internet Naming and Identification, where problems might exist, what issues need to be solved and what work needs to be done in order to improve upon the state of the art. Clearly the DNS has played the largest role to date, but we tried to think "outside the box" and think more generically about the total problem, rather than just the areas where the DNS protocol or deployment needs work or even just the solution space of the DNS. In short, we tried to think about and answer questions like:

  • Is Internet Naming sufficient for now and the foreseeable future?
  • Are there research and/or protocol changes that need to be done?
  • Is the architecture of naming on the Internet meeting today's needs?
  • Will the current naming and identification system scale to meet the needs of the Internet of Things (IoT)?

Discussion Format

Wes Hardaker asked everyone in turn to discuss the issues that they thought needed addressing with Internet Naming and Identification. Each person around the room got two opportunities to bring up topics that had not yet been mentioned with a few minutes to describe the problem statement or thought. Discussion about all the topics was held until the second hour. At the end of the evening we concluded with thoughts about the "next steps".

Well Summarized Output

Terry Manderson summarized the problem space well at the end of the night, which is worth putting at the top of the results:

I want a highly responsive system that ensures privacy, security, integrity, stability and resiliency, is context aware, allows consistent bidirectional mapping between names or groups of names, universally adaptable to all languages and cultures, and ensures uniqueness based on both absolute time and space, removes the query or distribution reliance on any set of operators at the root, TLD operators, or other singular entities throughout any adopted hierarchies for .. or better removes them entirely. The system should be impervious to abuse, and also being used for abuse. It needs to be backwards compatible and allows future development and deployment.

Discussion notes

The following are combined notes that were captured by myself and Dan York during the discussion:

List of topics from the discussion

As a reminder, the first hour centered entirely on listing topics that participants thought needed attention or thinking about:

  • IoT devices and global naming issues
    • today's communications are too server-to-server based
    • we need client-to-client identification solved
    • we need globally unique and persistent identifiers for everything
    • homes are very full of devices that all need names
    • need peer-to-peer naming systems
    • not all IoT devices may have IP addresses but still need names
    • naming behind gateways
  • Security and stability
    • message authentication
    • spoofing servfail is a problem, even with DNSSEC
    • flow control
      • need a dns quench mechanism for ddos
      • tell resolvers/clients to shut up for a while when under attack
    • ever continuing attacks against the DNS and by using the DNS
      • DDoS and related problems
      • What is the impact of all the abuse
      • How do we reduce the impact
      • How can we signal "stop that"
    • can resolvers play a better role in realizing they're part of an attack?
    • namecoin and other blockchain techniques
    • responsibility is hard to trace and hard to hold people accountable
    • does quantum resistant crypto need to play a role?
    • privacy and censorship issues
      • anything new shouldn't defeat privacy
      • public resolvers and cloud services and privacy issues
      • DNS data is meta data
      • can we make it safer to mine without giving away PII
    • naming mobility is not well solved
    • naming ownership: who do you call?
    • can the dns play an important role in attack detection?
    • detecting auto-names created by malware
    • consolidation of providers: good or bad?
      • suppliers of dns software and the delivery mechanism are shrinking
  • Lack of thoughtful analysis on naming identifiers
    • no deep thinking - everyone takes small bites
  • Associating public key certificates with a name and the expectations of it
    • current mechanisms are far too security-geek centric
    • need keys for multiple names
    • cascading failures are an issue: DNSSEC / TLS /other can all fail
  • Operational issues
    • Upgradability issues
      • how do we encourage innovation and upgrades to the naming infrastructure
      • how do we make upgrades easier
        • (to support KSK rolls, new crypto algorithms, etc)
      • how do we make developers interact better?
      • how do we support content-centric networking?
        • naming of media not just edge point nodes, but the content in them
    • Simplifying operations
  • Namespace problems as we extend naming
    • new GTLDs, conflicts with private space and other naming systems
      • or public: DNS vs X.509 CA naming
    • namespace consistency
    • the borders between the DNS and other systems need to be studied
    • studies of abstract namespaces are needed
    • special use names
    • the future seems to be about apps and walled gardens
    • short vs long term identities
    • identifiers for new devices; 192.168.1.1 means we cache lots of passwords for one device, eg. Everything spins up with new devices.
    • domain names vs URIs
    • draft-hilterbrand-deth: automated way of registering names with a parent service
    • search and social networks - social id
      • social media services are namespaces
    • search bars are the new name space and they always give an answer
      • search engines never return NXDOMAIN, but rather their best guess at where you want to go.
    • Do we need "personal" name spaces
      • name space collisions are hard here ("Joe Smith")
      • need personal identifiers that are still unique but anonymous
    • naming equivalency (character 1 = character 2)
    • nation-state boundary issues
  • Hard to think out of the current box (DNS)
    • internet specialists are too entrenched in what they know
  • Slow development
    • desire to reverse the ossification of the DNS
    • how do we extend the DNS in a sane way?
    • can we simplify the DNS?
    • how do we introduce innovation
  • Scalability
    • are the upper levels still able to keep scaling?
    • can we/must we allocate names via algorithms
      • how to communicate those names back to the infrastructure
        • example: chrome's 10-character names
        • example: inverse names in javascript and java: com.example.appname
      • Names are created by both systems and people
  • DNS Misuse, misunderstandings and hacks
    • lots of commercial dns tricks
      • CNAME at the apex of a zone, etc
      • what's the impact of this type of "abuse"?
    • "just put it in the DNS" has been successful but should it be?
    • TTL settings and ignoring of those settings
    • keywords selling via .kr, .tv, …
  • Internet governance
    • more and more government involvement is happening with the DNS
    • government censorship issues
  • Internationalization
    • still tricky
  • Optimizations
    • improving latency
    • signaling of complete error conditions is still challenging
  • Who needs to be involved
    • vendors
    • protocol developers
    • researchers
    • internationalization
    • more women
    • non-ascii base scripts
    • new people
      • this room is to a large part the usual suspects
    • can we get other people to Chicago from OSes, etc
  • Consistency
    • outreach to developers of other protocols about how to use what we have
  • Future thinking type thoughts
    • do we need a hierarchical system?
    • can we do multiple mapping systems rather than just one?
    • can we eliminate the need for root servers?
      • decentralize the system
    • how do we transition?
    • what is the role of the already installed base?
    • Do we still need 'stub resolvers'?
    • multiple responses for a given query (multiple-responses in DNS)
    • do we want one or a stack of solutions?
  • misc:
    • companies want to know where their sold devices are
    • generational names: what did I call it years ago?
      • archiving data
    • telling people you're doing DNS wrong isn't helping them
    • have we stopped pushing for diversity because we feel we are diverse?
    • can we push some DNS things out to the edge client
    • DNS over HTTP BoF is also this week

Next Steps

  1. We need a mailing list
    • reuse the ARCING list?
    • reuse inip-discuss?
    • Note: As agreed in email, we created a new list for the discussion
  2. We should meet in Chicago
  3. Can we pull in other people and developers?

Author: Wes Hardaker

Created: 2017-05-30 Tue 14:04
