From 7d337246ac9cbead2150f7d9eaeb9c2d25e90806 Mon Sep 17 00:00:00 2001 From: bryan newbold Date: Mon, 30 Sep 2024 19:55:07 -0700 Subject: [PATCH 1/4] update bluesky homepage URL --- draft-sheth-dns-integration-01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-sheth-dns-integration-01.md b/draft-sheth-dns-integration-01.md index 4e768cd..9e7c6cd 100644 --- a/draft-sheth-dns-integration-01.md +++ b/draft-sheth-dns-integration-01.md @@ -48,7 +48,7 @@ fullname="B. Newbold" organization = "Bluesky, PBC" [author.address] email = "bryan@blueskyweb.xyz" - uri = "https://www.blueskyweb.xyz/" + uri = "https://bsky.social/about" [author.address.postal] street = "" city = "" From 1cda91b4133069673943204192c466e1cbab206a Mon Sep 17 00:00:00 2001 From: bryan newbold Date: Mon, 30 Sep 2024 19:55:28 -0700 Subject: [PATCH 2/4] add quotes around asterix --- draft-sheth-dns-integration-01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-sheth-dns-integration-01.md b/draft-sheth-dns-integration-01.md index 9e7c6cd..af6fbf9 100644 --- a/draft-sheth-dns-integration-01.md +++ b/draft-sheth-dns-integration-01.md 
@@ -131,7 +131,7 @@ The global DNS has developed a technical, social, and policy infrastructure over ## Flexibility The global DNS provides the administrator of a namespace technical flexibility for how to use it. Examples of this flexibility include which DNS provider to use (including the option to self-host), which DNS records to set, and which subdomains to delegate (if any). -One specific example of this flexibility is how Bluesky can issue subdomains as a user's handle on Bluesky. When users sign up for a Bluesky account, they can opt to be given a handle under the *.bsky.social domain space. Bluesky can provide this flexibility because the DNS allows for it. +One specific example of this flexibility is how Bluesky can issue subdomains as a user's handle on Bluesky. When users sign up for a Bluesky account, they can opt to be given a handle under the `*.bsky.social` domain space. Bluesky can provide this flexibility because the DNS allows for it. ## Verifiability DNS provides cryptographic verifiability of DNS zone data through DNSSEC. DNSSEC is the standards-defined way of digitally signing and verifying DNS data. For some application environments, such as those being used for payment use cases, this verifiability might be important to ensuring that funds are being appropriately routed. From c5812831e9975b2c133157bfaeb2f4ae389e259c Mon Sep 17 00:00:00 2001 From: bryan newbold Date: Mon, 30 Sep 2024 19:55:48 -0700 Subject: [PATCH 3/4] initial atproto/bluesky integration section --- draft-sheth-dns-integration-01.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/draft-sheth-dns-integration-01.md b/draft-sheth-dns-integration-01.md index af6fbf9..d73bc70 100644 --- a/draft-sheth-dns-integration-01.md +++ b/draft-sheth-dns-integration-01.md 
@@ -186,8 +186,20 @@ Resource capacity in a DNS integration impacts who is capable of performing the {backmatter} # Integration Lessons Learned -## Bluesky -TO BE FILLED IN BY BLUESKY + +## Bluesky and AT Protocol + +Bluesky is a social media application built on the atproto (AT Protocol) network. In atproto, account identities are rooted in the Decentralized Identifier (DID) system, a W3C standard. Most DIDs are not human readable, so every account is also associated with a domain name, referred to as a "handle". Handles are for display only: they are not used in persistent references (URIs), and can change any time without breaking social graph connections. The handle/DID relationship must be verified bi-directionally, and DNS TXT records are one mechanism to verify the handle-to-DID direction. Bluesky handles are a DNS Integration. + +DNS was chosen as the handle namespace partially for technical maturity, efficiency, and cost reasons. A key design requirement was that new account signup should have no compromises compared to a centralized platform: registering a new handle needed to be fast (second-level latency), zero-cost, and reliable (near-zero downtime). DNS meets all of these requirements. The atproto network is design to accomodate billions of accounts, and DNS has also been shown to scale to hundreds of millions of registered domains without significant infrastructure burden. Service providers can use sub-domains as handles, and allocate them in large numbers even more efficiently. + +Bluesky is a small young company building a novel network protocol. DNS is a mature and broadly adopted technology, meaning developers are already familiar with it and have software implementations and infrastructure at hand. The system is financially sustainable with a international multi-stakeholder governance structure, which means developers can build on it with confidence. + +DNS is global, distributed, and consistent which are important for a distributed network. 
Independent service providers and software clients see the same view of the domain system, which means that end users will have a coherent experience regardless of provider or client. + +Lastly, domain names are well established in society. Domain names are conceptually familiar and recognizable to most network users. Policies, legal precedent, and dispute resolution procedures are mature across many jurisdictions. These help address the perential challenges of impersonation and trademark disputes. In particular, many culturally relevant institutions and individuals already have domain names with an established reputation. The flexibility of DNS allows those existing domains to be reused in a new context. + +To maximize these benefits, it is important that handle validation is consistent and reproducible by any party; that any valid domain name (hostname) can be used as a handle and that all handles are valid globally resolvable domain names; that handle control reflects domain registration control across the entire registration lifecycle; and that handle validation procedures continue to align with DNS norms and best practices as they evolve. ## Ethereum Name Service TO BE FILLED IN BY ENS @@ -237,4 +249,4 @@ Many application services on the Internet need to verify ownership or control of - \ No newline at end of file + From c565ca85b1bf8d1c34702adb807739cc12344df1 Mon Sep 17 00:00:00 2001 From: bryan newbold Date: Wed, 16 Oct 2024 00:37:46 -0700 Subject: [PATCH 4/4] address more challenges in bluesky section --- draft-sheth-dns-integration-01.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-sheth-dns-integration-01.md b/draft-sheth-dns-integration-01.md index d73bc70..4da05ce 100644 --- a/draft-sheth-dns-integration-01.md +++ b/draft-sheth-dns-integration-01.md 
@@ -191,15 +191,15 @@ Resource capacity in a DNS integration impacts who is capable of performing the Bluesky is a social media application built on the atproto (AT Protocol) network. In atproto, account identities are rooted in the Decentralized Identifier (DID) system, a W3C standard. Most DIDs are not human readable, so every account is also associated with a domain name, referred to as a "handle". Handles are for display only: they are not used in persistent references (URIs), and can change any time without breaking social graph connections. The handle/DID relationship must be verified bi-directionally, and DNS TXT records are one mechanism to verify the handle-to-DID direction. Bluesky handles are a DNS Integration. -DNS was chosen as the handle namespace partially for technical maturity, efficiency, and cost reasons. A key design requirement was that new account signup should have no compromises compared to a centralized platform: registering a new handle needed to be fast (second-level latency), zero-cost, and reliable (near-zero downtime). DNS meets all of these requirements. The atproto network is design to accomodate billions of accounts, and DNS has also been shown to scale to hundreds of millions of registered domains without significant infrastructure burden. Service providers can use sub-domains as handles, and allocate them in large numbers even more efficiently. +DNS was chosen as the handle namespace partially for technical maturity, efficiency, and cost reasons. A key design requirement was that new account signup should have no compromises compared to a centralized platform: registering a new handle needed to be fast (second-level latency), zero-cost, and reliable (near-zero downtime). DNS meets all of these requirements. The atproto network is design to accommodate billions of accounts, and DNS has also been shown to scale to hundreds of millions of registered domains without significant infrastructure burden. 
Service providers can use sub-domains as handles, and allocate them in large numbers even more efficiently. Bluesky is a small young company building a novel network protocol. DNS is a mature and broadly adopted technology, meaning developers are already familiar with it and have software implementations and infrastructure at hand. The system is financially sustainable with a international multi-stakeholder governance structure, which means developers can build on it with confidence. DNS is global, distributed, and consistent which are important for a distributed network. Independent service providers and software clients see the same view of the domain system, which means that end users will have a coherent experience regardless of provider or client. -Lastly, domain names are well established in society. Domain names are conceptually familiar and recognizable to most network users. Policies, legal precedent, and dispute resolution procedures are mature across many jurisdictions. These help address the perential challenges of impersonation and trademark disputes. In particular, many culturally relevant institutions and individuals already have domain names with an established reputation. The flexibility of DNS allows those existing domains to be reused in a new context. +Domain names are well established in society. Domain names are conceptually familiar and recognizable to most network users. Policies, legal precedent, and dispute resolution procedures are mature across many jurisdictions. These help address the perential challenges of impersonation and trademark disputes. In particular, many culturally relevant institutions and individuals already have domain names with an established reputation. The flexibility of DNS allows those existing domains to be reused in a new context. 
-To maximize these benefits, it is important that handle validation is consistent and reproducible by any party; that any valid domain name (hostname) can be used as a handle and that all handles are valid globally resolvable domain names; that handle control reflects domain registration control across the entire registration lifecycle; and that handle validation procedures continue to align with DNS norms and best practices as they evolve. +To maximize these benefits, it is important that handle validation is consistent and reproducible by any party. Any valid domain name (hostname) can be used as a handle and that all handles are valid globally resolvable domain names. This ensures that every network service can resolve any handle in the network, without requiring special DNS software. Use of the TXT record type has broad support in both client software and in DNS management interfaces. Limited use of caching helps reduce breakage due to short network service downtimes, while still ensuring that handle validity lifetime is tied to domain registration lifetime. In other words, changes in domain control are reflected in changes on handle validity within a reasonable time window, reducing the chance of misattribution. The atproto handle specification text largely defers to IETF DNS standards, with the goal of maintaining compatibility as norms and best practices evolve over time. ## Ethereum Name Service TO BE FILLED IN BY ENS
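Review bot: in PATCH 3/4, hunk `@@ -186,8 +186,20 @@`, the first added paragraph says the handle/DID relationship "must be verified bi-directionally" but names DNS TXT records only as "one mechanism" for the handle-to-DID direction, and never says what the other mechanisms are or how the DID-to-handle direction is checked. Since the section argues that DNS helps with impersonation, suggest adding a sentence (or a pointer to the atproto handle specification) that covers both directions. Given that the draft's own Verifiability section presents DNSSEC as the way to verify zone data, the paragraph should also state whether handle resolution relies on DNSSEC validation. Wording in the added lines: "is design to accomodate" should read "is designed to accommodate", "a international" should be "an international", and "perential" should be "perennial".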
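Review bot: in PATCH 4/4, hunk `@@ -191,15 +191,15 @@`, the rewritten final paragraph leaves the caching behaviour unbounded: "Limited use of caching" and "within a reasonable time window" give an implementer no figure to hold to, yet that window is how long a handle can remain valid after control of the domain has changed. Suggest stating a maximum cache lifetime, tying it to the TXT record TTL, or pointing to where the atproto handle specification defines it. The split sentence "Any valid domain name (hostname) can be used as a handle and that all handles are valid globally resolvable domain names" still carries the "and that" from the old semicolon list and no longer reads as a requirement, and the removed clause "handle control reflects domain registration control across the entire registration lifecycle" is now only implied by the caching sentence; consider restoring it as an explicit statement. The changed lines fix "accommodate" but keep "is design to", and "perential" is still present on the changed "Domain names are well established" line.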