Chinese government entity files U.S. patent application for blockchain-based DNS.
The Chinese government wants a U.S. patent for a decentralized, blockchain-based DNS that could compete with the existing domain name system overseen by ICANN.
The China Internet Network Information Center (CNNIC), the internet division under China’s Ministry of Industry and Information Technology, filed a U.S. patent application (pdf) for “Blockchain multi-party shared-governance-based system for maintaining domain name information.”
In the application, CNNIC explains what it believes is troublesome with the current system:
However, at present, the domain name root service system is centrally managed and maintained by ICANN and related agencies thereof, which leads to inefficient and inconvenient domain name application, maintenance and use to some extent. In addition, the hierarchical central management mode of the DNS system presents deficiencies in fairness and stability, as well as the most important issue, that is security risks, such as DDoS and DNS cache pollution. Since all data is stored centrally on the central server, it is very likely that the domain name holder or even the entire system will suffer losses due to operational errors or attacks on the domain name information without the assistance or regulation of a second equivalent agency. In the process of implementing the embodiments of the present application, the inventor has found that in the traditional DNS service system adopting a centralized maintenance method, the normal operation of the entire system will be affected and the system has low stability and security once the central server is attacked or operated incorrectly.
CNNIC’s solution is:
a Root blockchain, formed by first network nodes where top-level domain registries are located;
collecting, by each authoritative node among the first network nodes, domain name operation information from each first network node, and packing the collected domain name operation information to obtain first block information;
broadcasting, by a first authoritative node, the first block information to each second authoritative node, receiving verification result on the first block information sent by each second authoritative node, and broadcasting the first block information to each first network node to execute the domain name operation information in the first block information at each first network node in the Root blockchain when the number of authoritative nodes by which the verification of the first block information passes exceeds a first preset threshold;
wherein, each authoritative node among the first network nodes is reviewed and determined by a preset review mechanism, and the authoritative nodes in the Root blockchain includes a first authoritative node and a plurality of second authoritative nodes.
The application explains the benefits of this approach:
…Through such a decentralized method for maintaining domain name information, the final state will not be affected by a mistake or an attack on one network node, resulting in higher security and better stability of the entire system compared to the centralized maintenance method. Furthermore, all the domain name operation information is stored in each first network node in the Root blockchain to prevent malicious tampering, and a reliable data source is provided for update of domain name.
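The commit rule in the claims quoted above, as an added sketch (not code from the patent application or from CNNIC): a first authoritative node packs operations into a block, the second authoritative nodes vote on it, and every node executes it only when the pass count exceeds the threshold. The `Node` class, the validity checks, the threshold value, the choice to count only the second nodes' votes, and the sample operations are assumptions for illustration; the application as quoted here does not specify them.

```python
import hashlib
import json

def block_hash(block):
    # Deterministic digest of a block's contents
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

class Node:
    """Root-chain node (hypothetical model); authoritative nodes also verify blocks."""
    def __init__(self, name, faulty=False):
        self.name, self.faulty = name, faulty
        self.chain, self.zone = [], {}          # accepted blocks, domain -> name server

    def tip(self):
        return block_hash(self.chain[-1]) if self.chain else "genesis"

    def verify(self, block):
        if self.faulty:                         # constructed fault: approves anything
            return True
        if block["prev"] != self.tip():         # block must extend this node's chain
            return False
        seen = set(self.zone)
        for op in block["ops"]:
            if op["type"] == "register" and op["domain"] in seen:
                return False                    # already delegated to someone else
            if op["type"] == "update" and op["domain"] not in seen:
                return False                    # nothing to update
            seen.add(op["domain"])
        return True

    def execute(self, block):
        for op in block["ops"]:
            self.zone[op["domain"]] = op["ns"]
        self.chain.append(block)

def propose(first, seconds, all_nodes, ops, threshold):
    """Pack ops into a block; commit on every node only if passes > threshold."""
    block = {"prev": first.tip(), "ops": ops}
    passes = sum(node.verify(block) for node in seconds)
    if passes > threshold:
        for node in all_nodes:
            node.execute(block)
    return passes > threshold

def demo():
    # Constructed scenario: four authoritative nodes (one faulty), two ordinary nodes
    auth = [Node("A0"), Node("A1"), Node("A2"), Node("A3", faulty=True)]
    nodes = auth + [Node("R1"), Node("R2")]
    reg = {"type": "register", "domain": "example", "ns": "ns1.example"}
    hijack = {"type": "register", "domain": "example", "ns": "ns.other"}
    ok1 = propose(auth[0], auth[1:], nodes, [reg], threshold=2)
    ok2 = propose(auth[0], auth[1:], nodes, [hijack], threshold=2)
    return ok1, ok2, {n.name: n.zone for n in nodes}
```

The second proposal gets only the faulty node's vote, so no node's zone changes. The guarantee holds only while the number of faulty or colluding authoritative nodes stays at or below the threshold.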
Most proponents of decentralized domain name systems promote that they make it difficult to censor domains and their associated websites. That is likely counter to CNNIC’s goals.
CNNIC filed the application in December, claiming priority to a patent it filed in China in 2019.
How will this be different than the existing Handshake Protocol?
If not, then why not just use Handshake?
“Leaked Documents Reveal Xi Jinping’s Communist Chinese Plan to Control the Internet’s Root”
https://www.circleid.com/posts/20210503-leaked-documents-reveal-chinas-plan-to-control-internet-root/
Their concept has so many issues to unpack, with a decentralized blockchain DNS, that it would take a whole article to cover it.
Number one, I don’t trust a communist country’s intention in delivering freedom and access through the foundation of a domain name system that they initiate. What is the formula that they will use in its propagation? That being said, there is some merit in what their patent application could be used for. They talk about a secondary assistant decentralized DNS to “assist” in the current centralized DNS. Is that a smokescreen?
Does China see the relevance of an already trusted aspect of the current system in a trusted and invested .com hierarchy being the tip of the spear?
China does seem to currently invest heavily in generic, numbered and two, three, and four letter .com domain names.
A domain name system is simply that - domain names that are used for a purpose. China and its billion and a half people can be used as a force to create, move, and promote individual domain name creation and development to propagate their decentralized block chain system. That would be paramount to its command and control of its DNS.
That in itself carries a huge amount of gravity to dictate whether their system would be viable and powerful enough to influence world markets and social interaction on the web.
This is something we must take seriously. As most users of the Internet from the west use the Internet for social platforms and not so much domain names and the development of them. China may be the one country that has the most control over its population and its movement towards controlling the Internet through domain name development. We, in the West, cannot drop the ball on this one.
As usual, China is using its mass population and money to efficiently control the powers of leverage in the modern age.
Interesting. I would not think they’d have much luck outside their borders.
China and Russia are very close partners these days. With Russia having implemented their own copy of the root system it would seem a natural fit to build upon it using say this patent to control their populations.
To me the concern is such a system can be cookie cuttered into other countries thus balkanizing the internet. Like their BRICs partners.
Then the Biden administration recently threatens to try to get Russia kicked out of SWIFT yet again. The last time this happened was the Obama administration and THAT was why Russia built their own root system and alternative to SWIFT both of which are now operational. Thus I think the concern is not a takeover but an inability to connect to others’ networks. I think that is a much greater threat to the internet.
The internet makes the world smaller and smaller. Powerful people would like to carve it back up again:
“this little thing called the Internet … makes it much harder to govern.”
– John Kerry, US Secretary of State
“Would it have been better if we had never invented the internet and had to use paper and pencil”
– Jay Rockefeller, US Commerce, Science & Transportation Committee Chairman
Those are not Chinese or Russian officials ….. But the comments are in line with those countries’ officials ….
https://www.youtube.com/watch?v=53q3gscB7FM
“Governments around the world are shutting down the internet, saying it’s needed to prevent protests or cheating on exams.”
– Wall Street Journal, Feb 27, 2020
Shutting down the internet to prevent cheating on exams, great.
Back to Paul Vixie who controlled the F Root server and the RPZ “feature” he put into BIND:
https://www.youtube.com/watch?v=l4hqtA9L-eA
[12:15] – “Yes it’s also a great tool for government censorship and oppression. I don’t know what to do about that. I’m Sorry.”
>each authoritative node among the first
>network nodes is reviewed and
>determined by a preset review mechanism
That is called “centralization”, even if it’s “just” administration of the creation of each blockchain entry ….
>Most proponents of decentralized domain
>name systems promote that they make it
>difficult to censor domains and their associated
>websites. That is likely counter to CNNIC’s goals.
Blockchain provides ownership information / audit trail.
Your statement is only true if the goal is the domain name, versus finding and jailing or killing its owner. From US Gov website:
https://www.govinfo.gov/content/pkg/CHRG-112hhrg66295/html/CHRG-112hhrg66295.htm
“Since February of this year [2011], the Chinese Government has significantly increased its oppression of human rights advocates, including activist lawyers, bloggers, clergy and members of independent religious groups. It has resorted not only to social pressure, intimidation, and physical harassment, but also to threats against family members, beatings, and even forced disappearances.”
And let’s not forget:
HITB2010KUL Keynote 2 – Taking Back the DNS Part 4
https://www.youtube.com/watch?v=l4hqtA9L-eA
[01:19] – “will absolutely make the DNS less reliable”
[01:40] – “because the place where you are legislates the use of an RPZ”
[02:45] – “was consider too sensitive to be shared publicly”
[12:15] – “Yes it’s also a great tool for government censorship and oppression. I don’t know what to do about that. I’m Sorry.”
If all “quanta” of a blockchain have identical value to all users then no central authority is required. This is bitcoin.
If each “quanta” of a blockchain has a unique value then there MUST be a central authority. This is what companies like t0 are doing.
Proof:
Google.com is a DNS entry on the blockchain. A disgruntled employee moves Google.com to a different private/public key pair on the blockchain …. Then discards the private key for Google.com, thus denying its use for eternity.
If someone lost their private key for bitcoin, only they lost anything; everyone else felt a tiny deflationary event (increased value) of the bitcoins being lost = Nobody else cares.
This was part of the reason why companies like t0 implemented blockchain but under a central authority for transaction settlements. Each entry is of unique value, and totally transparent for all to see.
Worse yet, a “blockchain domain register” (because most will not want to deal with the details) had its system in OVH SBG2 datacentre. The datacenter burned to the ground, along with all the private keys that were backed up there.
https://www.computerweekly.com/news/252498983/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users
“Just because you have placed data with a third-party software-as-a-service (SaaS) or cloud infrastructure provider, you’re still responsible for your data,”
I have a high level friend at a large tech company everyone would recognize. They are part of cloud management. They told me a story of everyone cleaning off their PC drives as they were now using the cloud so all the info was on the cloud, they do not need the data locally …. Poof, all gone …. No joke, really happened.
A blockchain DNS will need a central authority to manage it. CNNIC can claim what it wants but there will be some type of central authority … Or perhaps Google still gets billed for Google.com even though it is unusable because its private key is unknown ….
The current DNS system has racked up an amazing uptime record. So amazing that the central tenet of CNNIC’s justification for replacement appears to have no basis in fact.
Interesting indeed
China wants as much control of Everything possible – and if this happens, or allowed, we’ll all be a bunch of sorry campers! 🙁