Authors: Schanzenbach, Martin; Nadler, Sebastian; Johnson Jeyakumar, Isaac Henderson; Roßnagel, Heiko; Schunck, Christian H.; Sousa, Filipe
Dates: 2024-06-07; 2024-06-07; 2024
ISBN: 978-3-88579-744-9
URL: https://dl.gi.de/handle/20.500.12116/44106

Abstract: Robust and secure trust establishment is an open problem in the domain of self-sovereign identities (SSI). The TRAIN [KR21] concept proposes to leverage the security guarantees and trust anchor of the DNS to publish and resolve pointers to trust lists from DNS. While the DNS is a cornerstone of the Internet, its continued use is primarily a consequence of inertia due to its crucial function as the address discovery system for existing Internet services. Research and development in the area of SSI is — for the most part — green field. The choice of DNS as a core building block appears fainthearted given its open security issues. Recently, the IETF paved the way to experiment with alternative name systems in real-world deployments by reserving the special-use top-level domain “.alt” in the domain name space [KH23]. This allows us to use alternative name systems such as the GNU Name System (GNS) [SGF23a] without intruding into the domain name space reserved for DNS. In this paper, we show how we can use the GNS as a drop-in replacement for DNS in TRAIN. We show how TRAIN-over-GNS (GRAIN) can deliver security and privacy improvements to the security concept of TRAIN-over-DNS and show that it is practically feasible with limited modifications of existing software stacks.

Language: en
Keywords: SSI; Name System; Trust; Decentralization
Title: GRAIN: Truly Privacy-friendly and Self-sovereign Trust Establishment with GNS and TRAIN
Type: Text/Conference Paper
DOI: 10.18420/OID2024_07
ISSN: 1617-5468