by tikkabhuna 1964 days ago
How would you prevent a group from trolling or performing a hostile takeover of a small domain? How would someone acquire a domain? How do you determine consensus?

In this case, as someone who doesn't follow Perl, how would I make an informed decision on which perl.com domain I really want?

2 comments

> How would you prevent a group from trolling or performing a hostile takeover of a small domain?

Several ways.

If you are accessing the domain locally, you'd normally be looking for entries that match the private key you have stored. So if you ever went to that domain, you'll get the same remote again.

If this is your first time accessing the domain, you'd ask your peers what version of the domain they have stored. Those aren't randomly assigned, but people you know IRL, similar to Freenet. You could do some degree of onion routing if you care about keeping sites you go to private from your friends. And again, you'd only do it the first time. And this is hard to attack because you can't make a person have friends in the WOT graph.

When you are following a link, the person placing the link could always just attach the full private key to the link tag.

If you are copying a URL from your browser bar, the browser could attach a random set of index-value pairs of the private key. This would be very hard to spoof, but not increase the size of the URL by much. That would cover you for posting links in forums and chat rooms.

Of course if you were searching for the domain, your first hit would almost certainly have the correct key.

Only if you are told the URL through an out-of-band source, and almost nobody you know (transitively) has gone to that domain, you are in the situation of having to figure out which key is the true key. In that case, you could fall back to certificate checks. Note that certificates as a market are a lot more competitive than the domain name market.

So there's no one-size-fits-all solution, but just like right now, most of the time you wouldn't have to think about it. And unlike right now, if it goes wrong you get a nice error instead of silently the wrong domain.

I just thought of a way to improve the privacy of the DNS lookup. Instead of asking for the domain name, ask for a prefix of the hash of the domain name chosen so you get maybe 20 domains back.

The point is - I got all of the above by thinking about the problem for maybe ten minutes. This is far from unsolvable. We as a community are just terminally lazy.
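The hash-prefix lookup suggested in the comment above, as an added example that is not part of the original thread: the client sends only a short prefix of the hashed name, sized so that about 20 names share it, and picks its own record out of the returned bucket locally. SHA-256, the registry layout, the sample names and keys, and every function name here are assumptions made for illustration.

```python
import hashlib
import math
from collections import defaultdict

def name_hash(name: str) -> bytes:
    return hashlib.sha256(name.lower().encode("utf-8")).digest()

def prefix_bits(registry_size: int, target: int = 20) -> int:
    # N names over 2**bits buckets gives about N / 2**bits names per bucket.
    if registry_size <= target:
        return 0
    return round(math.log2(registry_size / target))

def hash_prefix(name: str, bits: int) -> int:
    # Top `bits` bits of the hash; this is all the resolver ever sees.
    return int.from_bytes(name_hash(name), "big") >> (256 - bits)

def build_index(registry: dict, bits: int) -> dict:
    index = defaultdict(list)
    for name, key in registry.items():
        index[hash_prefix(name, bits)].append((name_hash(name), key))
    return index

def server_lookup(index: dict, prefix: int) -> list:
    # The resolver returns the whole bucket. It learns the candidate set,
    # not which of those names the client actually wanted.
    return list(index.get(prefix, []))

def client_resolve(name: str, index: dict, bits: int):
    bucket = server_lookup(index, hash_prefix(name, bits))
    wanted = name_hash(name)
    # Filtering on the full hash happens on the client, after the query.
    matches = [key for full_hash, key in bucket if full_hash == wanted]
    return (matches[0] if matches else None), len(bucket)

# Constructed sample registry: 5120 names mapped to placeholder keys.
REGISTRY = {f"site{i}.example": f"constructed-key-{i}" for i in range(5120)}
BITS = prefix_bits(len(REGISTRY))
INDEX = build_index(REGISTRY, BITS)

if __name__ == "__main__":
    key, bucket_size = client_resolve("site42.example", INDEX, BITS)
    print(f"prefix bits: {BITS}, bucket size: {bucket_size}, key: {key}")
```

The privacy gained is only anonymity within the bucket: repeated lookups from one client, or a bucket dominated by one popular name, still let the resolver guess the target.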

It's not an obvious problem to solve, but nobody would invest much in performing a hostile takeover of a small domain. In the case of Perl.com it looks like a hostile takeover of a popular domain, and it didn't cost them much to take it over, I guess.

I think it's naive to assume trolls wouldn't invest much time.
Here [0] is an example of someone putting an inordinate amount of effort to take down a tiny Mastodon instance. If it had been possible to take over a domain in a similar manner, it would have happened too.

[0] https://news.ycombinator.com/item?id=21719793