A Public Key Infrastructure for Social Movements in the Age of Universal Surveillance

In this talk, I will present the design of the GNU Name System (GNS), a fully decentralized and censorship-resistant name system.  GNS uses cryptography to provide a privacy-enhancing alternative to DNS and existing public key infrastructures (such as X.509 certificate authorities), while giving users the desirable property of memorable names.  The design of GNS incorporates the possibility of integration and coexistence with DNS.

GNS builds on ideas from the Simple Distributed Security Infrastructure (SDSI), addressing a central issue with the decentralized mapping of secure identifiers to memorable names: namely the impossibility of providing a global, secure and memorable mapping without a trusted authority. GNS uses the transitivity in the SDSI design to replace the trusted root with secure delegation of authority, thus making petnames useful to other users, while operating under the strong adversary model represented by authoritarian state actors.