| addressing_and_routing.md | ||
| identity_and_naming.md | ||
| README.md | ||
Warning
This is very experimental, I do not know if any ideas stated in this are secure or scalable This is just a dumping ground for my idea to work with other people and get feed back on to try and get a MVP
Disclaimers
This is very much proof of concept. I am not a security expert however I have done my time in blue and red team professionally over the years but I am not a security researcher. However I am a very experienced infrastructure engineer and administrator with over 10 years of experience in networking, hosting, programming and most infrastructure systems. All ideas in here are currently my own. There is a possibility for systems like these to be used for illegal purposes, however that is unfortunately the cost of having truly open and free systems and it's my belief most systemic issues can be solved through societal policies not surveillance and control. My current idea is to use a ledger (blockchain) for ownership management, I know blockchains have a bad reputation and I do not agree with any of the past hype with them however this will never be used for crypto currency and the only tradable asset on it will be address ranges.
The Premise
It has been a dream of mine for a long time to have a fully decentralised networking system that is scalable and cannot be taken over by people with the means and resources. Systems like Tor really opened my eyes up as to what that could look like however it has some flaws and concepts I do not agrees with. In an ideal world the internet would be free from tampering, censorship and free to access however the world is never perfect. I have also look at other systems that try to achieve this and I do like the implementations I have concerns of scalability and/or adoption.
The end goal is to have a full end to end networking stack that allows for full zero trust decentralised networking with part or full compatibility with existing infrastructure and systems through protocol bridging devices. It should also not inhibit scaled distributed hosting for site operators.
Network stack overview
There are three major components to the networking stack; addressing and routing, identity and naming, anonymization. Each component should be able to work mostly independent however will require integration with each other. Each stack component should add no to very minimal overhead to each other layer.
Overviews on each stack component below with more detailed explanations in the relevant files in the repository.
Addressing and Routing
Addresses will be using IPV6 as it provides a large enough addressing scope where conflicts and reservation attacks is not feasible. Securing addresses will require proof of work, a key association for owner ship and will be published to the blockchain for verification of ownership. Once ownership of an address range is secured routing information can be signed by the key and published to a distributed hashtable for lookup. Routing technologies is still something I have not settled on however a BGP based systems is what I am currently thinking is best due to it being proven in production with ISP's and the possibility of using existing routers with a bridge for routing large back hauls. When a device is first connected to the network it should use a FE local link scope address or multicast to talk with there routers on the same layer 2 network for verification and seeding the hash tables before being adopted into the network. This part of the stack should be for routing only, there should be no tunnels between addresses or obscuring of the network. Interoperability with the existing traditional internet is a requirement for adoption so ISP's can run a hybrid model where they can route the new subnet for this system from their routers into the network with minimal overhead.
Identity and naming
Address ownership and site identification should be performed though the use of keys. On it's own hashtable the key's fingerprint should be stored as an index and the fingerprint is used for the domain's FQDN similar to how TOR handles it's naming. However the record that will be signed and published will be used as DNS records and identification of subkeys. The keys should also be used for SSL encryption and verification of site addresses. SSL will require custom clients until it is fully integrated into mainstream however DNS records can be used by most normal devices with the use of a self hosted DNS server (most routers are one) with a bridge for systems that do not require SSL for the new domain names. Existing domains should be able to use a TXT record to point systems to it's key ID and to allow routing of traditional domain names over this network if the provider wants to support it.
Anonymization
In the identity system there should be flags to notify if anonymization is supported by the service and if it is required. Currently garlic routing like what is implemented in I2P looks to be the best option and should be provided and enabled in the networking stack by default to stop issues of critical mass ownership like in TOR. I do no have much to say on this as other projects are much more knowledgeable on this subject and can do a much better job then I can but working with existing networks will be good.