Private/delegated naming system?

Hi, I read the ever-lasting GNUNet project has adopted
an interesting domain name resolution model.

  • each user has a publicKey identifying him
  • each user has a publicly-visible catalogue of publicKey/name pairs

Suppose you register some publicKeys under names “aaa” and “bbb” in your catalogue
Suppose I register your publicKey under name “bob” in mine

Then for me

  • “” would resolve to your publicKey
  • “” would resolve to what you registered as “aaa”
  • “” would resolve to what you registered as “bbb”

You see? Firstly I can use whatever names I like for myself.
Secondly anybody can collect and publish a large catalogue of useful links
and I can “mount” his catalogue for myself!

Imagine Richard Stallman collects a huge and useful
list of names and publishes it in his catalogue.

I then would register his public key as “richard” in my catalogue so that I could access links posted by him
as “”, “”, etc

Wouldn’t you prefer that over First-Come-First-Serve basis?
Indeed there is no hope wikipedia will grab safe://wikipedia - some porn protal will grab it
There is no hope facebook will become safe://facebook - some enlarge your … ads will be there

Extra details:

  • in GNUNet there is actually a plan to have one common First-Come-First-Serve catalogue. It is planned to be just one of the many catalogues available online. So that people would be free to “mount” it under a name of their choice - say - “” if they like it! And if it turns out to be rubbish - people would be free to ignore it

  • under GNUNet plan you would be able to mark some of the records in your catalogue as private; this would prevent others from seeing them - this is a privacy feature

  • GNUNet don’t claim they have invented the approach. They say it originates from smth called “rivest sdsi” and is also used in something called “UIA”

P.S. sorry for an “uncategorized” post; I would move it to “Features” now if I could


RFC material if there even was, for sure. I find this very interesting indeed, but not sure it’s not just delegation/ Interesting for sure though, there is something here I feel.

Yeah, I suggested this. Janitor seems to beg the differ. The dns is assigned to IP address, so it seems.

But with small modification, I am sure this would work out. I still think the current proposal seems reasonable. I leave it up to debate. DNS name resolver should not be valuable at all. It should be like steam, or gnu name system.

Grizmo: I thought

  • each “website” in MadeSafe is identified and accessed via a binary id
  • MadeSafe decides where and how the actual data chunks are stored

The problem I’m trying to solve is how to map human-readable names to this binary id
I’m a noob please direct me to reading material :smile:

You should probably have said “Secondly anybody must collect…” because unless you publish, there is no way for me to find the site. Publishing of your “bookmarks” becomes mandatory (and the next problem is where do I find what each individual has published).

That’s an unpleasant thought. I’d rather deal with DNS service.

You’re mixing up safe:// and .safe (perhaps you should visit more porn portals to educate yourself?), but yes, I would prefer the FCFS approach.
One related worthy idea was for the Foundation to auction .safe domains and use the proceeds for platform development.

Interesting, but as I look at it, we’re basically talking about a curated register which would have to ride on top of some fundamental system anyway.

I DO definitely think that curated content aggregators will be a useful and even vital aspect of how the SAFE network develops, but it still has to ride on top of a network-level system.

ADD: Probably there will be competing aggregators or listing services to which one may submit our name/address for inclusion.


Presumably, competing organizations could compete to provide the best registries? Sounds good to me - like dns but with more options and competition.

While people could contribute their bookmarks, I suspect it would scale away from that in most cases. The registrars like ICAN, nominet… Even godaddy, mark monitor etc would probably be used commonly. Maybe a combination even… Perhaps a Snowdon inspired registry would be available too.

Edit: in fact, as long as they can be nested/overlayed, you could pick priority order and go with the best suited to your preferences. E.g uncensored, child friendly, etc.


And how do I know the listing service I was told is “awesome” isn’t ran by the NSA and is directing me to the right site?

My preference is avoid a registrar ran by hackers* or the government. Please explain how do I do that.

*imagine entering in your address bar and ending up on while in your office.

  • I can’t ever know (assuming there are many sites) which sites I can’t navigate because they’re gone, and which because the registrar dude went on vacation (or got hit by a bus).
  • If you don’t like some particular content, don’t click on links such! And the idea that a kid wouldn’t figure out that doesn’t resolve and wouldn’t simply open his own Safe account (and use a porn-friendly registrar) is really childish!

Guys, you keep reinventing the wheel so that all infrastructure ever invented can run within SAFE Network. Hopefully the futility of this idea will gradually dawn on more forum members.


I am not convinced this follows.

We all trust agencies, whether they are government ran, open source distributions, maidsafe, etc. We have to trust agencies, as there is simply too much knowledge to digest by ourselves.

We could use multiple signature structured data types to allow a majority at a registrar to make changes. This avoids the bus death/holiday/mad dictator scenarios. Even if the organisation was subverted, you could pick another, just as we may switch to a different Linux distribution, etc.

All DNS is on the current internet, is a bunch of links to other DNS servers, then ultimately as IP address. It is easy to reproduce this using structured data types. People would just delegate or assign accordingly.

Ofc, we could piggyback off the existing DNS content. We could add safe net names as sub-domains with little bother. We could also start mirroring existing DNS data onto safe net. I don’t think any of this is made impossible here.

If you still have any SAFE left in your wallet by that time.

Do you want to allow anyone (let alone a majority!) make changes to DNS configuration of your Web site? Who’s gonna compensate you for mistake in voting that redirects your esteemed customers to

And why should anyone have to vote for every change in order to keep the system running? There are hundreds of thousands of DNS changes every day (there would be less on MaidSafe, but even if there were 10, who would want to vote every day on that nonsense?).

We’ll see if that’s true when/if they decide to reinvent this wheel.

This ought not become an attack vector on SAFE. The only way that could be harmful is if SAFE sites can execute malicious scripts that de-anonymise you or infect your system. We should make sure that on SAFE, browser scripts (like JavaScript) don’t have nearly the same capabilities as they have on the old web. SAFE sites should never use WebSockets for example. They go against the server-less model of SAFE and would bring with them the vulnerabilities of the old web.

Any browser scripts should be severely limited and strongly sandboxed on SAFE. They should only have access to the SAFE API and their own sandboxed environment.


Well, I have to trust someone to broadcast it or be forced to tell everyone myself. Either that ends up being the big government controlled organisations or other parties I choose to trust.

With DNS, you could choose different name servers, which publish uncensored domains. However, no one does and it probably relates to the cost of infrastructure.

Safe net may more easily allow alternatives, as anyone can host DNS entries from their own vault. You just need to publish them somewhere to announce them to others.

My point is not whether curated content or ICANN-type dns curation is good or bad, just inevitable. Those who wish to have a tamed experience, where they won’t run into anything that challenges their beliefs or sensibilities can and will have the option of walking in whatever walled garden they chose. Do they know who “really” curates it? Possibly not. Can reputation figure in? Certainly it will. Webs of trust and reputation will be vital.

Additionally, phishing and site spoofing and the like will be a considerable potential problem that will have to be accounted for by ID authorities of choice. I’m inclined to think we’ll have multiple such competing services and apps to poll for consensus amongst them, when in doubt.

The SAFE Network, however well designed, won’t replace the need to establish person-to-person trust systems. It can establish cryptographic identity with certainty, but that can’t, itself, establish trust. That’s a framework which has to built on top of the network.

Why? You ask me what’s the address of, and I (the registrar) send you to an address of my choice.

Are you saying there would have to be a MaidSafe version of JavaScript, too?

I know, but (for comparison) in the bitcoin world you don’t have to trust anyone. You could publish your SAFE (or IP, for non-SAFE) address and let the world know. If it changes, you publish an updated version. Do you see the difference?

In cases where a PoW style public ledger is not used, you have to trust the registrar (or your DNS provider, if you don’t use your registrar for that), but that’s still different from SAFE Network, because by definition you don’t know who’s your registrar (if you do know, then the government knows too, and any and all SAFE sites’ name resolution can be stopped by removing your address to name mapping from the registrar).

To summarize my comparison:

  • In the real world you have your ISP or registrar who you know and pay, so unless threatened by the government they’ll tend to do a good job
  • In the (pseudo?)anonymous P2P/crypto world:
  • you don’t know who the guy is (and you probably don’t pay him), in which case you have no way to do anything about it if he screws you over (the fact that through a WOT many users trust him doesn’t protect you from being screwed over)
  • or, you do know who he is, but in that case the government knows it too, so they have a choke point for your services

Ofc, but then you may not get the name/IP address that you would like. Someone maybe got it before you and is impersonating you to extort from others. Is that useful to users or would they rather use a service which vetted against this sort of thing?

I get that having a single address with no middle men, no trusted 3rd parties, etc is useful - I would never wish to see the network without that either - but unique, memorable names, especially those used by trusted /known organisations, are useful and valuable. It would be great to have both.

Edit: btw, we have things that we don’t normally get when we use safe net. As we can validate the identity of a vault, we can warn the user when it changes. Likewise, we can bookmark the raw name, after resolving the DNS name to ensure we always go to it (why would it ever need to change on safe net?). We just need a hand resolving the URL initially in some cases.

1 Like

Merely a subset of JavaScript would do I guess. I for one am not going to enable a full-featured JavaScript in my SAFE browser, ever.

1 Like

Hiya! Apparently TOR hidden websites are addressed like this:



  • each website has got a binary id perhaps (the hash of) its public key
  • you can use this binary id to access the website

Is MadeSafe going to support something like this?

Perhaps a small signed blob could be stored in DHT nodes XOR-close to the id?
And that blob could reference all webpages of the website or contain some other routing info?

This is what we’re trying to avoid. Without a proper DNS, the odds of mass adoption of SAFE would be severely reduced.

  • not as the main mechanism but as an option?
  • and that is what is going on under the hood anyway, right?

The proposal is that user’s register names (presumably just by creating the appropriate structured data item - and paying for this again presumably at the normal structured data item PUT price, which is about 10x that of other data). Here is the RFC proposal for a Decentralised Naming System