ITF (Internet Engineering Task Force) Committee, which develops the development of protocols and internet architecture, has completed the formation of the Request for Comments (RFC) for the GNU Name System (GNS) domain names system. GNS is a fully decentralized and censorship-resistant alternative to the Domain Name System (DNS). The RFC, designated as rfc-9498, has been given the status of a “proposed standard”. To align with the RFC, GNS has been implemented in the GNU Name System (GNUnet) 0.20.0 platform and is also available in the code base of the gnunet-go project.
GNS can be used alongside DNS and in traditional applications like web browsers. It ensures the integrity and immutability of records through the use of cryptographic mechanisms. Unlike DNS, GNS utilizes a directed graph instead of a tree hierarchy of servers. Name resolution in GNS is similar to DNS, but with the preservation of confidentiality. This means that the processing request node does not have knowledge of the answer recipient, and transit nodes and third-party observers cannot decipher requests and answers.
In GNS, the DNS zone is determined using a combination of open and closed keys based on ecdsa using elliptic curves like curve25519. The choice to use Curve25519 has been seen as unconventional because other elliptic curves are typically used for ECDSA, and Curve25519 is more commonly paired with the digital signature algorithm ed25519, which is considered more modern, secure, and faster than ECDSA. Additionally, the key size of 32 bytes in GNS is smaller than the usual 64-byte size used for ED25519. GNS also employs cascading symmetric encryption using the Aes and Twofish algorithms in CFB mode.
The choice of Curve255