Addressable on the Internet without DNS | IP addresses

Address

Your address on the Internet

To be addressable on the Internet today you have to have a long list of addresses, perhaps a IP address, a DNS address, a email address, a twitter address, the list goes on.
What if you only needed a single address for everything ? Well that's what Atsign have built.

An atSign is a new Internet address/identity that can hold other addresses or data of any kind. My atSign is @Colin and armed with that you can get all the data I choose to share with you.

That sounds like nothing new, but there are a number of nuances to the the Atsign story. All the data is encrypted with keys your atSign "cuts" and as you share data with other atSigns it is uniquely encrypted for that recipient before it is shared. The sharing mechanism is also very nuanced in that the the receiver gets notified of an update or new data and then has to prove they are the real recipient using a number of cryptographic proofs before being handed the encrypted data. This give rise to another interesting property of the atPlatform in that addresses such as 'location@colin" can return different data depending on who is asking for the data. For example if @sarah asks, my answer might be "The Office" or if @IBM asks, I might respond "California USA".

The atPlatform itself is open source (atsign.dev and GitHub repo) and has been designed to be as distributed as possible, the only centralized component is the directory of atSigns, the atSigns themselves are hosted as tiny microservices which again are open source and dockerized, if you want to host your own you can or Atsign will host one for you for free.

So how does this work ? The directory service is a well known address 'root.atsign.org:64', if you connect to that using openssl you can enter the atSign you want to lookup and it will return to you the DNS:Port combination of the microservice for that atSign. You can configure where your atSign points to using the registrar website or just us the one Atsign provides you, to run your own a simple script will install the microservice which is available atdess (distributed edge secondary server). The microservice provides an personal atProtocol server which acts as your Internet rendezvous location and stores encrypted data you have shared with other atSigns, so you do not have to be online all the time your microservice or what Atsign calls a 'secondary' answers requests from other Atsigns.

This is all very different from other systems but builds on the architecture of DNS to create a world wide shared and sharded database where everyone owns their own data and that data can shared with any other atSign.

To get an atSign just go to atsign.com and pick up a free one or purchase one, or just download one of the apps and just pick a free one. In either case you will have to activate the atSign, using the website click activate (the apps autoactivate for you) and then pair your atSign which will allow your device to cut the cryptographic keys, you will then be asked to save those keys in a file, so keep them safe as they will be required to use your atSign with other Atsign applications.

What might help is a couple of examples of applications using the atPlatform. First sshnoports, which allows you to login into a remote machine using ssh without that remote machine having any open ports. The atProtocol uses only outbound connections to the secondary and notifications are sent over that outbound connection to the remote device. This connection uses both TLS and end to end encryption to send a cryptographically signed notification and new ssh keys to connect back to the requesting host. Once that ssh connection is in place then port 22 on localhost of the remote machine is connected to a host that is calling via a regular ssh tunnel. Full examples are on the GitHub repo sshnoports. You will notice that the command line to ssh to the remote machine does not include a IP address or port number, that is because the atSign is the address being used and that in turn means that the IP address is just used for transport and if the IP address changes on the host or if the host is behind a firewall you will still be able to connect to it assuming that outbound connections are allowed. Even if outbound ports are an issue in your location Atsign provides an atProtocol reverse proxy that can channel all outbound connections to a single port.

The other example is atTalk a very simple homage to the Unix talk command. Once again you will notice that no IP addresses are required to atTalk with another atSign, which means you can atTalk from anywhere where you have the Internet and maybe mor importantly everything is end to end encrypted and no one is monitoring your data or communication. There are no API's or central services that can see everything which is a major departure from the HTTP/API world and in fact it's back to the future using a new but old school idea of designing a fungible Internet Protocol that addresses, addressability, security and privacy of any data.

Both sshnoports and atTalk are tiny codebases due to the use of the Atsign SDK and yet they provide confidentiality, non repudiation and the security of having no ports open on either end device and hence no attack surface.


It's a crazy cool idea and just add imagination for new use cases. Most of the engagements Atsign has today are IoT use cases where using Atsign removes the need for static IP's, firewalls and VPNs, and with app developers focused on privacy and people owning their own data.

Join us and give us a GitHub Star or two if you think we are on the right track!

@Colin


Only registered users can post comments. Please, login or signup.

Start blogging about your favorite technologies and get more readers

Join other developers and claim your FAUN account now!

Avatar

Colin Constable

Founder/CTO, https://github.com/atsign-foundation

@cconstab
Infrastructure and Network and DevOps background always pushing boundaries.
Stats
11

Influence

48

Total Hits

0

Posts