Private/delegated naming system?

“Extort” means to obtain by force or threat. Clearly it’s impossible to be threatened or forced on SAFE when nobody even knows who you are, let alone how to contact you.

When in doubt that one unreliable service isn’t working properly, you can’t query three unreliable services and pick the name that gets returned by at least two or more. You need one, correct answer. Or else you maybe getting two or three incorrect answers. That is why name resolution is hard. It must be reliable and secure.

That wouldn’t be user friendly (custom) naming that people are calling for.

Hmm, the proposal works on a first come, first serve basis, something most people seem to be against. @catbert is also against that.

Perhaps not the best choice of words. I mean using impersonation to commit fraud.

Too bad Microsoft took the name (
The name Spartan would be very suitable for this SAFE browser.

No JavaScript, static Web pages… That sounds like Gopher! I kind of liked it, but I doubt young generations will drink that Kool Aid.

One could always work in a decentralized reputation system of some kind. Most stores have user feedback options. Even thepiratebay has a comments section on torrents. It’s not exactly difficult to organize user feedback and reputation and if a registar list ended up with malfunctioning links you’d figure someone would start complaining about it and if they didn’t YOU could.

Given the decentralized and anonymity of SAFE, you can’t. This is akin to the “How do I keep from hosting child porn and terrorist content.” meme. You can’t. You have no clue who is hosting your stuff until they actually DO something on SAFE. But again why is this needed information? What does it matter if it’s the NSA or a choir boy? If they’re maintaining a reputable list then it’s usable. If they are not then it gets a bad reputation. The NSA could garner a lot of revenue by just producing good healthy content just like everyone else can.

You can’t know this using the CURRENT DNS system either so what are you complaining about?

Was just about to say this. Why are we obsessing about changes. All these DNS safe names are stored on SAFE somewhere we just need to create our own database of them. What does it matter if the DNS maintainer gets hit by a bus so long as we have a copy of working links in our own database. I’d suggest to prevent nasty DNS issues like broken or misdirected links that one regularly keep copies of each version of the DNS database of their maintainers and verify their links when a DNS maintainer does an update. You don’t need to verify every link on the net, just the one’s you use. If was working before the update and isn’t working after then try using the resolution used by the previous update. If it works you know it’s something in the new update. Just like how sometimes you get glitches in updating a linux distribution and need to use older updates. I’ve had to do more than one reinstall to resolve issues like that. (Ubuntu and Mint can be REALLY annoying that way. My laptop is STILL giving me that issue. I really need to do a reinstall on there.)

Also keep in mind that as registars grow they’ll be harder to maintain. As more broken links and misdirects show up the registar will lose reputation. So a behemoth registar will struggle to maintain it’s reputation because it’ll have to work to verify all it’s links go where they say they do. What happens if someone decides to shut down or sell their site? The little tiny registar will probably notice first. Gargantuan registar? Probably not.

It matters because a bad resolver can send you to a site that pretends to be your favorite stock exchange or Web wallet.

How do you know if a registrar (“Web site”) is reputable?
How do you know if a registrar with bad reputation is actually bad?

With the current DNS system I can (at least for practical purposes). I can directly query the registrar (without going through proxies or delegates) and always see the current, valid result (as well as check when changes were made!).
With multiple registrars that resolve/map aliases to addresses, you can create a mapping on registrar1, it turns out to be a bunch of scumbag hackers, and they don’t let you edit (update, delete) any more. Then you go to registrar2, which is nice and professional, but after collecting 50K names they ask for a small maintenance fee of 5 MAID per update, to cover their expenses.
Now after a while there may be 5 different registrars, each of which has the same alias that sends people to different addresses (and maybe just 1 of 5 has bad reputation).

How do you warn the user? You don’t even know who he is!

Okay, but that’s call “bookmarks” and “bookmark management”, not “private name system” or some fancy new schema for name/alias/DNS management.

Tor users also create bookmarks because it’s hard to remember .onion addresses. This approach doesn’t need to be discussed or developed, the feature is built into every browser.

How do you know if a seller on ebay or amazon has good or bad reputation? How do you know if a product on newegg is good or bad? How do you know if a torrent is good or bad? How do you know if a movie or book is good or bad?

Why would you need to? That’s what blogs, newsletters and other public updates are for.

But that’s what we’re discussing here. Essentially people trading public lists of bookmarks instead of having one big DNS system. What do you think DNS is? It’s a bloody long list of bookmarks! You can type in an ip address and it’ll work just fine but most people don’t want to bother to keep track of those. So what do they do? They use “bookmarks” called domain names. Same thing. You get your nice little safe space, you use the protocol listed above, it spits out a bookmark for your safespace website and you can share it publically. You can in fact build a whole list of bookmarked lists of websites and share those too. And as you go on you can collect lists from others as well.

Easily: I check with eBay.

I already explained this above and it’s very simple: it is in the economic interest of eBay to get ratings and reputation right. So they’re economically motivated to do the right thing, just like my DNS registrar who I pay every month (and can sue their ass off if they illegally modify my DNS settings).

In your case:

  • you have no idea who you’re dealing with,
  • they have no economic motivation to serve you, and
  • you have no way to do anything if they rip you off by sending you to an exchange impostor

It sounds to me like you’ve never managed a Web server.

Hmm, the topic says “Private/delegated naming system”.
Bookmark sharing is certainly doable, but inconvenient and annoying.

Perhaps you should read the OP more thoroughly.

Um what? Seriously all ebay does is provide a platform for users to PROVIDE feedback and reputation on. eBay doesn’t provide any actual reputation or ratings themselves. That’s what they get customers to do for them. Same as on Amazon or any other system. So why do you care who you’re dealing with? Just set up a decentralized DOA reputation system so users can give feedback and reputation on whatever they like and link that to the naming system. If a list admin gained a reputation for suddenly modifying their list without warning their reputation would drop and people would switch away from using their list. You don’t need to know “Who” they are. You know who they are by what they do. They’re the person maintaining the list, perhaps maintaining an awesome list, or perhaps a not so awesome list as the case may be. Their work speaks for itself, their name behind their handle is irrelevant.

“The community” wins again over outdated laws of economics!

Can’t wait to see that system in production!

He will know himself - the resolved address will have changed since he last visited. You can even be cryptographically sure you are connecting to said vault.

SSH clients do something similar when the destination server has changed.

Moreover, you could chain changes like a linked list. If the site is being transferred to a new account, you could decide only to trust it if the previous key was used to sign the change.

This has become impossible to discuss. First there’s this delegated system thing, then a new type of DNS (the RFC thing), then bookmark exchange, and now we’re back to Decentralized Naming System (the RFC).

No they don’t. They compare Public Key returned by the site’s SSH server with Public Key that was obtained before.

SAFE browser would have to be changed so that it does name lookup to this bloated hosts file. The file would always send you to the same SAFE address, that’s for sure, but I already said you can’t possibly do that for all SAFE sites on the network and unlike DNS this service couldn’t be free (because the file has to be GET from the network on a regular basis). And the other weakness (that you implicitly trust host<=>address mappings from strangers) would still be present.

Additionally, as the RFC says, it works on the First Come First Serve basis, which most people on this forum do not support.

I’ve already mentioned all these arguments several times above, but every time there’s a reply by someone who thinks a unique “solution” has been found, and each “proposal” has different weaknesses, so we’ve collected over 30 comments without getting any closer to anything that resembles a workable idea.

That is exactly what I am suggesting.

All right. With SSH that’s done by SSH server.

How do you get a public key from a SAFE Web server? By requiring every server to have a SSL/TLS cert? Issued by who?

Safe net is full of key pairs. The first come, first serve name servers would use signatures to tie a name to an identity (I believe). The point of safe net is that you don’t need issued certificates at all.

As said above, I am not against the proposed name system - it is as good a way as any to address a vault and better than meaningless IP addresses. It lets us securely resolve a vault. Sadly, the common names will be snapped up quickly though, which is why I suspect you will need another layer, just as regular DNS resolves to numeric IP addresses on the regular internet.

Regarding bloated hosts files, I highly doubt that it would be slower than resolving against a remote DNS server, especially as a memory cache will almost always be perfect (as names will seldom change, unlike IP addresses).

All right, but this topic and many others was started with the idea to eliminate First Come First Serve.
(The addresses wouldn’t be IP, but similar to Onion).

1 Like

We probably need a consistent lexicon for this stuff. It is hard to articulate which name is which and hwo they may be associated. Apologies if I haven’t been clear.

Hey thanks for the discussion! It has helped a lot to get my thoughts together.
Could you please rate sections A and B separately?

A+B+ would mean you like both
A-B- would mean you support neither


There is an appetite for alternative name resolution systems in MadeSafe

  • initial distribution of names can end up being seen as unfair or inconvenient
  • early adopters of MadeSafe may want extra freedom
  • trial and error may prove some systems superior to others


In order for different naming systems to co-exist a two-tier approach is proposed

  • a website is identified by its public key hash
  • a naming system maps human readable names to hashes
  • a user freely chooses which naming system to use

Examples: local bookmarks, first-come-first-served, curated.
Hyperlinks use hashes, reverse lookup converts them to a human-readable form.


  • I support “complicated” links like Onion has them
  • If a friendly system is created, I vote for most-pay-first-serve distribution (which I would use to auction off names and put in the money in the MaidSafe Foundation)

Here’s CJD implementation on DNS.

Edited: It uses bitcoin.

Would love to see “complicated” links supported.
Could be printed (possibly as Q-code) on

  • papers from my bank
  • business cards

Bookmarks created this way would have my highest level of trust