At IPFS Thing 2023, Engineer Blaine Cook presented his work on the Name Name System, a tool that could improve the discoverability of IPFS-hosted content.
What's in a Name?
Let's start with the basics. First, let's define what a name is and isn't. A name is public, globally unique, and verifiable.
- Public - viewable by everyone
- Globally unique - cannot be duplicated
- Verifiable - possible to prove control of the name using a DID. Examples of verifiable names include DNS hosts and domains, email addresses, social media handles, public keys, HTTP URLs, SSNs, and more.
"A DID is not a name, but all NNS names have at least one valid DID."
What is NNS?
It is a way to map names to data securely.
How Does it Work?
Step 1: Select a did:method
This could be did:ens, did:DNS did:twitter, etc.
Step 2: Fetch the TXT record for your did:method and find the public key
Step 3: Input the name and DID data in the NNS form
- Name (the name you are assigning to the content)
- Issuer (the DID)
- Fact Type (DNS link, Mastodon server, etc.)
- Fact Value (the pointer to that fact type)
Step 4: Generate a UCAN out of that data
- DID for Private Key
Step 5: Store in NNS DHT (shown in Blaine's demo in the recording)
Step 6: Fetch the record(s) for the name from the DHT and use the data in the UCAN
Since a name is tied to a specific DID, and the DID is self-validating, there is no way to manipulate a name you don't have control over. We enable authentication (DID) and authorization (UCAN) in a distributed P2P system and create a DHT by storing the UCAN in NNS, thus opening up many exciting possibilities.
What Problems Does NNS Help Solve?
Discoverability - NNS helps users find other users' public keys without knowing the DID method they used to generate them. It also allows the user to find where another user shares content tied to that DID.
Encrypted Chat - NNS can be a mechanism for enabling encrypted communication
IPFS Search - If you want to know where someone's IPFS-hosted blog exists, finding it can be very difficult if you don't know the CID. NNS helps locate specific content by its name, which is much more human-readable and easier to remember.
Package Naming - Similar to IPFS Search, NNS makes locating specific Wasm code easier through package naming.
What is NNS Not?
It's not a petname system. Petnames don't cross connectivity or trust barriers. In a local-first future, we need names to help us continue working offline and ensure we interact with the person/data we intend.
It's not a way to prove ownership of a name (that's what the DIDs are for!). It helps you discover those proofs.
It's not a new namespace.
It's not guaranteed to be globally consistent.
It's not a blockchain.
It can bring together all existing standards in one place instead of trying to create a new standard.
It could replace IPNS and DNSLink by improving latency and security. Yes, a decentralized DNS!
Currently, there are several ways to link DNS names to the decentralized web, but virtually no options link email, social handles, HTTP, etc.
We could enable permissionless usage of names that we don't own using NNS by signing a proof that we own an email address (for example) even if that email is from a centralized service that hasn't enabled interactions with some new decentralized service.
This work is in the beginning/experimental stages, and many questions still need to be answered. We also need to solve for latency and locality and ensure a degree of consistency.
Here's the recording of Blaine's presentation at IPFS Thing 2023.
If you'd like to learn more about NNS, you can review the spec and join our monthly UCAN community calls.