Core Rust infrastructure is frequently hosted on the .rs ccTLD. Some of these sites could be used to drive supply chain attacks if their domains were ever compromised. .rs is operated by an NGO, but ultimately controlled by the government of Serbia.
Do there exist plausible future chains of events that could lead to some future government of Serbia suspending, or redirecting, Rust project/community sites hosted under .rs? Does the Rust community have contingency plans for this hypothetical?
@mcc i'm more worried about .io for crates.io. that alone is far more infrastructure sunk cost than the rest of rust combined i think
@crzwdjk Perhaps it will, but there's also some precedent that defunct ccTLDs are kept alive for some time: https://astrid.tech/2022/04/05/1/dead-tlds/
I imagine if this ever does go wrong there will be a transitional period. And even if there isn't, it will probably be annoying but it will be ok.
@mcc well the President of Serbia is a Putin fan and the situation with Kosovo can escalate any time
@mcc we just don't believe there is an open source supply chain.
@mcc it's not like the country that controls com/net/org and like a significant majority of gTLDs inspires that much more confidence
@elomatreb I agree with this also.
@mcc The right way to solve this is not to address stuff with domains whose ownership is transient, but with some sort of address whose semantics are "the site run by the party who owned domain D at time T" in a way that's cryptographically provable via DNSSEC signature chain that was valid at time T and whose existence was attested to by a notary at time between T and T+ε.
@ratsnakegames @mcc It's a longstanding goal of mine, and I have rough outlines for how it could work.
@kitten_tech @mcc NFT DNS was a non-starter because it had protection against double-spend (and thereby domain squatting, sales, etc. which would not exist in a just identity/name system).
@forensicgarlic @dalias Top-growing Merkle trees!! Top-growing Merkle trees!!! :(
Having mirrors on censorship-resistant platforms (e.g. Tor) may help with this sort of issue in the long run. That's my two cents.
@mcc dw i'm serbian and they don't even know rust exists
they love it. they love you using .rs domains esp for programming stuff and they like using that number. you won't believe it. you have a choice to stop or continue, seizures or attacks won't happen
@mcc gosh I agree and I do hope something is done about this and the .io stuff too. We can't give up our independence for fancy domains!
@mcc does anyone really? On some level ALL TLDs could be taken over by a bad actor and we would all have to do what the Internet has always done. Route around the bullshit.
@frank I would argue ccTLDs and gTLDs present different risk profiles. In addition, not all ccTLDs are equal due to differing local laws and differing administrative structures for the ccTLD itself (as noted the current .rs administration is reasonable in a way that the hypothetical future appearance of meaningful risk would likely come with advance warning).
@mcc oh absolutely definitely different risk profiles, I just think if any TLD was compromised it would be a real risk for hours/days and not weeks/months as the community moved to something else. It’s definitely worth thinking through, but I don’t think it’s a major concern worth moving preemptively over.
@mcc how about moving: the isle states that will be hit by climate change first could use the income and wouldn't it fit?
@mcc not only because of its name, but because it's more efficient than other languages and can help to prevent climate change, like: itself needs to protect earth to not cut its own roots