Hello. Welcome to the distributed naming BoF with Daniel Kahn Gillmor.

So I really am hoping that this will be a BoF and not a talk. I've got a couple points to present, but I really want to see, I'd love to hear a discussion and hear where people are coming with this kind of work. So I'm just gonna start with a couple presentations, but if you have questions, please raise your hand. Carol has a mic that she can pass around.

Okay, so just a brief statement of the problem. So why are we interested in distributed naming? My current argument is that there are two types of centralized vulnerability that we'd like to avoid. One type is a form of legal pressure or legal risk, where a centralized naming scheme can potentially have a powerful adversary just lean on the naming scheme itself, and then you lose your name. In terms of names, I'm talking here about things like the domain name system. Your email address is effectively part of a naming scheme as part of the DNS. But just, how do we know who each other is over the network, right? We have this big global distributed communications network and we'd like to know who the other party is that we're talking to. So if the naming scheme is centralized, then there's a potential for legal or financial action by a powerful adversary who wants to either impersonate you or your allies, or wants to simply de-voice you: to remove your name in a communications network makes it very difficult for anyone to find you. So the first form of vulnerability we would like decentralization to prevent is this sort of legal or financial pressure. And some examples of recent situations where centralized pressure has been brought to bear on the domain name system in particular: there has been the Yes Men. I don't know how many of you know about this.
It's a group of pranksters, basically, with a message, who tend to do things. They did something where Apple released a conflict-free iPhone that was made from materials that were not taken from countries that were at war, and nobody was injured in the production of it. Of course, they didn't, but the Yes Men published it claiming that they were Apple. Well, Apple is a powerful adversary, and Apple turned around and said: your domain name iPhoneCF.com is in violation of whatever copyright, trademark; you have to take it down. And so they leaned heavily on the domain name system to get rid of that domain name. WikiLeaks also: there's been talk about how do we attack, from people who have been exposed by WikiLeaks there has been talk about how do we get rid of WikiLeaks from the web. And then there's also been attacks recently against things like poker sites and gambling sites, sites with whom I don't particularly feel much affinity, but it still seems a little bit weird that there's a centralized way to simply remove them.

So okay, that's one thing: legal or financial pressure from a powerful adversary. The other kind of thing we would like to avoid is network-level filtering. We're all subject to whoever controls the pipe through which we connect to the net, and we'd like to avoid that. So some examples are: some countries have country-wide firewalls that make it difficult for their users to access things outside of the country. At least within the United States, several ISPs default so that if you do a DNS lookup and it fails, they helpfully redirect you to their advertising page, where they get advertising revenue, rather than returning an NXDOMAIN like you're supposed to. That shouldn't happen, and you should be able to tell that that was happening. And then also some organizations have their own internal firewalls. And I know some of you are probably administrators of these kind of firewalls, and it may make you nervous. But when you're subject to one of these
firewall restrictions and you need to actually do communication that's not explicitly, directly authorized by the organization that's maintaining the firewall, you'd like some way to know that you're not leaking confidential information, and that you're able to actually be sure that the group that you're talking to is the folks that you intend. And then there's also sort of content filtering that happens with the internet service providers, at least in the U.S., where they would like to be able to say: no, no, you're downloading content that happens to be owned by somebody or other. And whether that's true or not, it can cause a lot of difficulties. So those are the two things: network-level filtering and legal or financial pressure.

So some examples. I already mentioned some of this, but examples of centralized naming schemes that exist: the domain name system. Passports are centralized, at least within the country; there's only one legitimate issuer of passports within a country. Facebook and Twitter handles are centralized naming schemes, and we need to acknowledge that Facebook and Twitter and to some extent MySpace are effectively the naming scheme of choice for a lot of people right now. I find this really disturbing. I occasionally do work with and collaborate with high school students, many of whom simply don't check email anymore because their Facebook page is how they communicate with the outside world. So Facebook is an example of a centralized naming scheme that is actually run by a for-profit corporation, beyond even the centralization of the domain name system. And then Google, particularly with the advent of Google Plus, but Google, you know, there's another naming scheme that they're putting up there.

So, what we want. That's the royal we at the moment, but I hope it's the collective we, because it's what I want really, but maybe you guys can edit this and add to it. I'm gonna talk slower.
Sorry. Thank you, Pabs.

What I want from distributed naming: I think we all would like the names that we use on the internet to somehow be easy to associate with real-world things. It's nice to have a handle for your online work, but it would also be nice to be able to say this is the same as the person who I met, or this is the organization with whom I'm collaborating. We want to be able to verify that a name is legitimately held by the real-world party in question. And we want to avoid the centralized pressures. There's some talk about whether distributed naming schemes need to also cover routing, that is, given a name, how do I get a message to that name? I've got that in parentheses here because I actually think that can be decoupled from naming. And so I would like to have it decoupled, because I think it makes the naming problem simpler if we don't include routing in the naming thing. So do other people have particular things that they want from distributed names that aren't covered here? You can always add stuff later, but all right, I'm just gonna continue with the introduction then.

So one well-framed observation that makes this whole thing problematic was put forward by this guy Zooko, and it's called Zooko's triangle. His original formulation said that for a naming scheme you can be decentralized, secure, or human-meaningful: choose any two. And that's problematic because we all would like the magic triplet to all hold. The basic argument devolves into saying: if you can't self-authenticate the name, then you ultimately will need a single trust domain. That is, there has to be some external party that signs off on it. And if the name is self-authenticatable, that is, you can prove, say, mathematically, cryptographically, that the name is held by the party in question, then it can't be meaningful to humans. So for example, my name is not d217 e9 39. That's a self-authenticating name in some respect.
It's the last part of my OpenPGP key fingerprint, but it's not human-meaningful. That's not how I'm known. So another way to rephrase what Zooko has said is to say, again, choose any two: global, securely unique, and memorable. These are just different ways of thinking about the trade-offs that are involved here.

It was pointed out to me the other night that if we are talking about a fully distributed namespace, the realistic result of that is going to be namespace fragmentation. That is, one of the nice things about the domain name system right now is that there is one domain name system. If I say debian.org, there is no question who is Debian, like, what debian.org the domain actually is. There may be people who are spoofing the debian.org domain, but there is officially one debian.org. And then when we start to split up and say, actually, maybe there is no central authority, then it becomes possible for an actual namespace fragmentation to happen. And so I think one thing we need to ask ourselves, as people who are interested in the possibility of distributed names, is whether or not we can accept global namespace fragmentation. I think at some level we need to be willing to accept it as the price to pay for not having a central authority that's vulnerable to the pressures that I described earlier. Does that argument make sense? It makes me uncomfortable to make that argument, but...

That seems at least a little bit problematic, because if you allow for the namespace fragmentation, then the powerful adversary can force the fragmentation and, at least for half a planet, make them believe that they are you or something like that. So that is almost as bad as the central naming service.

Right, so is it better for a powerful adversary to be able to make half the planet believe that they are you, or to make the whole planet believe that they are you? Those are the trade-offs. You're right.
I mean, it's not a win overall, but it might be a little bit better. Is that a hand?

You said there's only one namespace for the DNS. Actually there had been many attempts of having others. They all failed.

Yes.

Just one and two. So, and, yeah, there's some that still exist, and there's even one that copies the root server configuration and adds some TLDs that don't exist elsewhere.

Yes. So that's true, there are also multiple proposed DNS roots.

You were earlier talking about, or had in parentheses, routing.

Yep.

And for some reason I can't accept, or cannot see, a way to prevent fragmentation, to solve the triangle, without addressing routing. I think that's a core issue to actually address, probably first, before you can actually think about human-meaningful naming.

I hear your assertion, but I don't understand why that would be the case. Can you make an argument for it?

Probably not in a succinct way.

Okay.

I mean, I was thinking for instance, if you have identi.ca and Twitter, essentially the same thing, some of us are lucky enough to have the same name on both. Some of us have not managed to do that, right? You need to tell people what short messaging nickname you're talking about, unless you have them on both and on all other services. So you need to say this is my Twitter username or this is my identi.ca username, which is the routing issue, isn't it? It is basically telling the person, again, that there's some sort of centralized or decentralized directory of names where they should look to find that entity.

I think what Martin's getting at is that if the definition of routing is "which domain does this name exist in?", then
it's hard to understand how not including an element of routing in the naming process could ever lead you to a situation where you can cope with that. But I don't believe that I know what you mean by routing in this particular context at enough level of detail to know whether that feels to me like an essential part of coping with that or not.

Okay, let me clarify what I meant by routing. By routing I don't mean "look within this namespace". By routing I'm referring to actually how do the bits get from me to you. And so that's less of a question of "take this subset of the global namespace, and this is my name within that subset". It's more about what IP address do I send packets to to get to a server that will talk to you, or, if we're not using IP, if we're using, you know, some other mechanism. It's actually about specific physical transport addresses, as opposed to subdomains. I do think that there's something to be said for saying "I am this name within this naming scheme", but I don't consider that to be routing. I see that as a subset of the name problem. So, yeah, I don't know. Is that more confusing or less?
Example, what phone: if you take a phone call, then what phone companies are then used to actually establish the calls, because it could be different economy. And that's just another example outside of the IP space, right? That would be routing, right? What providers do you use to establish this.

Right, phone numbers are an interesting global namespace also, but they're not human-meaningful, actually. So I don't think phone numbers even... they're centralized and they're not human-meaningful, so I think we can put those aside. But yes, right.

Want to move a little bit forward, like actually to describe how I2P does it. So in I2P you have a non-human-readable but global decentralized naming scheme. And the way that you can actually use these names is that everyone in the network has a bookmark file that ties a human-readable name to one of the address he he said address. I mean, that solution has introduced, like, every single person using I2P can have actually a different human-readable name for referring to the same entities, but they can also exchange those bookmark files through some kind of, I don't know, peer-to-peer friend trust relationship.

So that's the extreme example of a decentralized namespace, right? Every single user has their own view of what the human-readable names are.

Which, the peer-to-peer idea of, you know, asking your peers around you how to find that person, I'm getting into routing again, and I don't want to, but we need some sort of infrastructure, some sort of ongoing communication, to be able to put meaning to those names. And by doing that we are essentially not creating a global distributed naming scheme, but we are again creating a domain within the global picture, and there's the potential of fragmentation right there. But my actual point that I wanted to make is that in order to do this, in order to have a bookmark file so I can call you DKG and somebody else can call you Daniel, which is perfectly fine,
we are very quickly going right into the domain of identity management here. So do you want to be a UUID and?

Well, in some sense I already am. On the network, I am a UUID. I may not, my OpenPGP fingerprint has human-readable names bound to it, and it has other cryptographic material bound to it.

Well...

No, the OpenPGP ID is not human-meaningful, but it is self-authenticating. The key ID is self-authenticating. I can demonstrate that here's a public key that matches this key ID, and it can be shown to be held. And then the name is not exactly global.

But...

Yeah, but it's not a domain in the sense that it's a closed, bounded thing. And my domain probably overlaps with your domain, because we actually know some of the same people and we are willing to rely on identifications from some of the same people. So it's not a closed domain in the old sense.

Limited to the people who use OpenPGP.

Yes, I agree with you on that, that the protocol itself is in some sense a closed domain. But even within that protocol there could be another DKG who's out there.

In a certain sense I feel that it's important for the name to have a human meaning only if you use it for routing. We care that debian.org is a name for Debian because people will type debian.org when looking for Debian. But if it's just about having a unique identifier, well, I don't see it as essential that it is directly meaningful. It can be a key ID, and that's my identity, and people can locally assign a string to that. What's the problem with that?
So, you're right, it's a trivial problem to have self-authenticating non-human-meaningful IDs, right? We can all just generate a key, and then that's fine. The trouble with that becomes when you want to actually interact with someone that you've heard about, because they've done something interesting, because you think you might like them, because you think you might not like them. And how do you find, given that we're humans, how do you find that person or that entity? How do you refer to them in a way that is memorable to other humans? Because ultimately all of these systems are about connecting people with each other, right?

And so the question was how do you do that now in a centralized naming system?

And the answer is that right now you do it through DNS, and you hope that the powerful entities that might be leaning on the DNS system have not gotten in the way.

If you've heard of someone, you've heard of his ID.

So if every time someone mentioned me in public they also mentioned my OpenPGP key ID, then yes, that would work. But in practice that's not happening.

Okay, so what you're saying is you want a link between this messy first name, middle name, last name that we have, let's say, in real life, and your computer ID.

I do think that would be a useful thing to have. I'm not sure how we get there. That's sort of the point of trying to figure this out: what are the trade-offs involved?
So let's think about Facebook for a while, because, I mean, on Facebook people are usually referred to with their first name and last name. And I mean, if you take France for example, there's a lot of Jeremy Martin, because it's a common last name, it's a common first name. So how do you differentiate between all these people? Through their friends, who they are having a relationship with. In a global naming scheme, if you would have two DKGs, you would refer to, like, DKG as, I don't know, can I say, like, okay, so Micah, like, the friend of Micah, and another DKG would be friend of John or whatever. And by actually specifying an entity together with a few of his or her relationships, you might be able to actually locate, like, an ambiguous entity in the global naming scheme. That could probably be doable. I'm not sure. I don't know.

So it's sort of like the common Christian naming scheme of saying this is John Johnson, is John who happens to be the son of the other guy named John, right? There might be a John Nielsen who's the son of someone named Neil. So yeah, defining by these relationships would be useful. But that also requires that you make those relationships public, which some of us don't necessarily want to do. And so if it becomes difficult to identify you because you don't want your relationships to be made public, then that's another trap that we could potentially fall into. But I do think that the relationship as a way to narrow down a set of potentially overlapping names would be a useful technique.

Do you think we can solve Zooko's triangle?

I would love to say yes. I'm not convinced, yes. I think that we probably do need to give up on the idea of a single global namespace. Not that in practice it won't be mostly global. I think that we can put a lot of social pressure to bear on keeping it basically global, but I think we're gonna have a lot of problems keeping such a namespace fully global.
I think there will be attempts to take over names: legitimate attempts, legitimate conflicts, and there will also be illegitimate conflicts that are just adversarial, hostile name takeovers, and we need to figure out how we're gonna deal with those when they happen.

And another question: don't you think that the security problems in terms of, like, taking over names are more or less the same with a distributed scheme as they are with a centralized scheme, if I only concentrate on the, you know, not the political influence from the top? Or to rephrase my question: what would happen if ICANN and everything else, the root name servers, were under Debian control, and Debian was completely non-corrupt?

So you're... Well, let's pretend that, though. Why don't we just drop Debian from the picture and pretend that ICANN is completely non-corrupt and non-corruptible, and use that as the thought experiment.

Independent, transparent.

Right. So the folks who are interested in seeing DNSSEC flourish and get wider adoption are hoping that this kind of scenario will be an acceptable one. And my answer is basically that I think that the more power you concentrate in one place, no matter how transparent the system is, the more vulnerable that place will be to a powerful attacker, and I don't want powerful adversaries that already exist to be able to take over. So I guess my answer is I don't believe in such an uncorruptible... once you accumulate that much power, they won't be uncorruptible.
I just can't imagine that being the case. But maybe I'm a pessimist.

Well, my answer was approximately the same, but basically saying: if ICANN was under control of Debian, then Debian would be under humongous pressure of a few of the big organizations that have guns and use them, the governments, and would cave in, and ICANN the same. I mean, I don't think you can create an organization that would not cave in to at least a dozen of governments and illegal systems.

So I just wanted to talk about some of the possible proposed technical solutions, and we can look at what their trade-offs are. I hope that there are some people in this room who are familiar with these different systems in different ways, but just to bring up a couple of ideas. Many of them have already been mentioned, maybe in passing. I just want to make sure that people who are interested in the topic have an awareness of the different proposals that are out there.

So this idea of pet names is very similar to what Lunar mentioned earlier, where as an individual user you accumulate specific-to-you information about a remote identity, about one of the identities of your peers, and then your tools show you that information when you visit that peer again or when you communicate with that peer again. The pet name project, it was implemented as, I think, maybe even a Mozilla extension way back in the day, for HTTPS, where the idea was that you would type in "my bank" when you visited whatever your bank was. And then when you visited that bank again, if the identity all matched up in the same way, your web browser would say "you called this my bank", and that way you'd know that you hadn't suddenly been connected to someone else, regardless of all of the other pieces in the middle. I do think there's a lot of work that could be done with pet names in terms of just helping users navigate potential conflicts in a conflicting namespace.

Namecoin is a project that's based on the same math as
Bitcoin. I'm assuming that people in this room have some passing knowledge with Bitcoin, but it's a decentralized, mathematically-based currency, or proposed currency, that is being traded right now. And Namecoin uses the same math but a different global blockchain, so it's not directly connected to Bitcoin. But it uses the same things to create a global system that is mathematically ungameable, or that's how the theory goes. In practice, I actually think that Namecoin is gameable if you just have bigger, faster hardware and are willing to pump through more energy than anyone else. So does it work out to be a system that is robust against a powerful adversary? I'm not sure that I'm convinced that it is, because there are certain specific attacks, that we can talk about if people are interested in the details, that as long as you've got a load of cash and access to a big power plant you might be able to do that you wouldn't be able to do otherwise.

Netsukuku is a combined decentralized routing and naming system that aims to replace, I believe, both the internet itself and the naming scheme. So this is an ambitious project. Some people are packaging it, I think, for Debian right now. Does anyone know where it stands?

I believe there was discussion on the FreedomBox list of Netsukuku.

Yeah, I don't know what the...

Right now the implementation is in Stackless Python, and there's no Stackless Python in Debian, so it can't be packaged.
So they are working on a port to Vala instead, in the hopes that it'll be usable for the FreedomBox.

Okay. So, and that is something that would replace routing as well as names. So it has the potential to create wireless mesh networks with their own name resolution.

I2P, which Lunar spoke about earlier, is much more about users controlling their own variant of the names and then being able to provide introductions.

Tor hidden services are in some sense a namespace. The .onion addresses have been willfully carved directly out of DNS. Hopefully the root zone will not create a .onion TLD to conflict with them; who knows what they'll do with the root zone these days. I actually don't consider this to be a legitimate candidate for decentralized names, because the .onion addresses are not human-meaningful. They're just an arbitrary string that happens to be some truncation of a digest of a public key. So people propose that from time to time. I want to push back against that as a concept, of a hidden service as a concept of a distributed naming scheme, in what I want from it.

Multicast DNS actually seems to work okay in the local area network with cooperating hosts. I've seen lots of people propose that.
"Oh, you just do that globally." I've seen no one actually do it globally, and I'm not convinced that it would work globally, and I don't know...

Yeah, global broadcast, exactly. I'm not sure how something like that would work. But it is still interesting work that's been done on collaborative namespaces, and I don't think we should ignore it just because it's not going to work right out of the box. Because it is a functional thing: anyone who is running an Avahi daemon on their machine right now can probably resolve the .local domain to find the names of the other computers in the room.

And then DNSSEC is not particularly decentralized, but it does seem to offer the possibility of a cryptographically assured human-meaningful namespace, to the extent that we believe that humans can understand what domain names are. Which most of us in this room can, but we've probably all seen examples of people who don't understand which part even of a URL on a web browser is a domain name. So I think we should be wary of the human readability of the DNS labels themselves. But some people have been talking to me at the conference also about the possibility of DNSSEC with somehow redundant trust paths. So at the moment in DNSSEC there is a root zone, and the root zone certifies each of the TLDs, and then the TLDs certify any subzones from them. And I don't know, I haven't looked at the DNSSEC protocol closely enough, or haven't thought as much about how you could do that out of band. But it does seem like if there's a way to provide DNSSEC with a single authority, maybe we can talk about ways to provide DNSSEC with multiple authorities, to make it harder for there to be one point of failure that somebody can lean on. Just some ideas to think about.

For DNSSEC there is already a system for giving direct certification at the sub level, that they intend to use basically to bootstrap the system without waiting for the top nodes to convert to DNSSEC. So I'm
not sure of the details, but it's probably at least a good start for this multiple thing that you're talking of. I'm trying to remember the name of that, a bit more out-of-band system, but I can't remember right now, but it should be fine.

There's one more hand there.

It's been suggested earlier that you could use friend relationships to narrow down the otherwise possibly ambiguous human-friendly handle, and you said that people might not be willing to share those relationships. Which is certainly the case in some use cases, but for open organizations like Debian we already do that by publishing PGP signatures.

Yep. Well, we publish PGP signatures which specify assertions of identity.

Right.

But it doesn't specify friendship.

Yeah, but I thought that we could actually use that as a qualifier of the potentially ambiguous handle. So instead of saying DKG you could say DKG whose key has a signature from Zach and Joey.

Right, although I don't know that I would want to prevent Zach and Joey, if they meet Daniel K. Gebhardt, from ever signing his key. There is a Daniel K. Gebhardt who works on free software stuff, and it'd be sad if Joey and Zach felt that they couldn't sign keys with him because that would somehow dilute my name. So, yeah, there are trade-offs there. But I think for an actual human relationship to be involved, I think we would need to assert something more than identity. I think Lunar's description was "this is the person who is friends with so-and-so". That would be useful, and maybe we need to have mechanisms in place to provide those as private assertions, right?
So it says, you know, here's my calling card that you can give to someone, and then maybe that calling card is something that that person can pass on to say this is a vouch in a real trust sense, like, this is someone who is a friend of mine. And then that could be stored in some sort of identity management.

As another example, for years we had two Debian developers named Brian Michael Nelson. So if you were to try to refer to the Brian Michael Nelson in Debian, that would be ambiguous.

Right. So, yeah, there are ambiguities that we need to think about how we can actually resolve. And maybe the answer is that that is not a sufficient ambiguity resolution, just because "in Debian" isn't enough, and for that particular case they need to find some other distinguishing mechanism. One of them works on GNOME, so they encourage the GNOME project to... I don't know. I mean, I think at some level we need to say we are going to fail at full disambiguation. And so then what do we do in those failure cases? How do we help users deal with those failure cases?

So I had a question for everyone here, in terms of: do you know about what else is in Debian? And do you know about, like, what has been integrated into the libc resolver? Do people have specific examples of things we should be considering, proposals moving forward?

Just, the out-of-tree validation technique which I mentioned for DNSSEC is called DNSSEC Lookaside Validation, or DLV.

Okay, DNSSEC Lookaside Validation. Yeah, okay.

I got a question from Roussen to one ISE: "Actually, I remember I2P having an internal DNS resolver linked to a unique host hash. Is this applicable on the decentralized and trust-based name resolving?
Since the hashing being unique, unspoofable." Do you have an answer for that, or you have another?

So I don't know enough about I2P to be able to answer that question. Maybe somebody can look into that and try to answer them on IRC or in the notes here later. Sorry that I don't have enough details. Did you have a...

To respond a little bit about the Namecoin fatalistic claims, that I think were a little too fatalistic. One was written up there by somebody and one was said by you, Daniel. The resource overtake problem, I think, is absolutely a true problem, but it becomes infinitesimally smaller as the blockchain becomes longer and the resources required to overcome that become significant. And the thing that's mentioned there, that it dies a horrible death as soon as SHA-1 is broken again, isn't it actually true, I think it's a lot more complicated than that, because there is some crypto primitive flexibility in there that would make the previous elements in the blockchain perhaps invalidated, or more easily to be replicated, but the further additions to the end of the blockchain wouldn't be done in SHA-whatever in the future. So I think it's a little bit fatalistic to be saying that it's completely worthless for these reasons, when, well, it might have problems, like many of these others would also potentially have problems when SHA is broken.

So I know a little bit too much about Namecoin because we had a similar distributed naming BoF in the past and I was tasked with researching that one. And it seems to me, out of all of these, some of them are much further along and have momentum than others do, and that's kind of interesting to me. And I know Netsukuku kind of is starting to have a new resurgence now that it seems like FreedomBox is interested in it, and that's great, and hopefully they will rewrite it for the third time and come to something that will actually work out. But I think it's interesting to look at some of these other
ones and try to find what particular things that we do want in distributed naming, and where the inertia is, and what are we actually going to try to achieve and what is actually possible to achieve. Because I think some of these... people keep trying different things, and then it's one person hacking in their basement for a year, and then, no, it just goes nowhere and bit rots. So it seems like there's a lot of different disagreements about implementation possibilities that, without people getting behind any one of them, or maybe two of them, and actually pushing it forward, it just will continue to do that. Thank you.

Yeah, I really like this argument of thinking about what is actually a possibility, which is at the end switch, but not only from the implementation point of view but also from the, you know, the possibility that we can have a technology which really gets in the hands of not only geeks but also, you know, my parents. So another part of the discussion here, I think, should be getting in touch with some of the browsers which are very popular, and talking to them and see what they would be willing to implement and what they will not. So we are somehow lucky, because some of the most popular browsers nowadays are free software projects. But I think that's part of the strategy which is really crucial, because, you know, the browsing part of naming is one of the policies, the one which is used the most. So I have no idea whether some of the geeks interested in that have ever reached out, I don't know, to Mozilla or even the Chromium people, and ask: okay, what do you think you would be ready to implement in your browser, and what do you think you will not be ready to implement?

Right, so I think we're about out of time.
There is some work going on on that. There are some open bugs against Mozilla, the Mozilla suite, pushed by some of the people who are pushing for DNSSEC and for better hooks, for better extension points. So I do think that there's a lot of work to be done there, and I can point people, if they're interested, to specific bugs that it would be great to have voted up in Bugzilla.

So I have two very quick points. The first one, about things like Namecoin, is that they depend for their security, or, you know, correct behavior, on the idea that good guys have more computation than bad guys, and if you actually look at the modern internet that's not the case. The people who have lots of computation available to them are spammers and, you know, botnet runners and people like that. So there's a bit of a difficulty there. And I wanted to mention about DNSCurve: DNSCurve isn't really a new naming approach. It's a way of using elliptic key cryptography to do essentially the same thing as DNSSEC. So it doesn't have a different naming model.

I agree with that description of DNSSEC.

All right, I think our time is up. Thank you everybody for talking about it. I hope we can continue this discussion. We, the folks in the Monkeysphere project, are interested in this; the FreedomBox folks are interested in this. I think Debian would be well served to have more work on these particular kinds of things done, and even if that means picking one of them and making sure that it's well integrated, that there's good user interface for it, those would be wonderful things to have more work done on. So thank you all for coming.