GRAIN - Truly Privacy-friendly and Self-sovereign Trust Establishment with GNS and TRAIN

Type: conference paper
Authors: Schanzenbach, Martin; Nadler, Sebastian; Johnson Jeyakumar, Isaac Henderson
License: CC BY-SA 4.0
Language: en
Dates: 2024-06-24; 2025-01-20; 2024-06-24; 2024
Identifiers: https://doi.org/10.24406/publica-3270; https://publica.fraunhofer.de/handle/publica/470324; 10.18420/OID2024_07; 10.24406/publica-3270; 2-s2.0-85203249891
Keywords: SSI; Name System; Trust; Decentralization

Abstract:

Robust and secure trust establishment is an open problem in the domain of self-sovereign identities (SSI). The TRAIN [KR21] concept proposes to leverage the security guarantees and trust anchor of the DNS to publish and resolve pointers to trust lists from DNS. While the DNS is a cornerstone of the Internet, its continued use is primarily a consequence of inertia due to its crucial function as the address discovery system for existing Internet services. Research and development in the area of SSI is, for the most part, greenfield. The choice of DNS as a core building block appears fainthearted given its open security issues. Recently, the IETF paved the way to experiment with alternative name systems in real-world deployments by reserving the special-use top-level domain ".alt" in the domain name space [KH23]. This allows us to use alternative name systems such as the GNU Name System (GNS) [SGF23a] without intruding into the domain name space reserved for DNS. In this paper, we show how we can use the GNS as a drop-in replacement for DNS in TRAIN. We show how TRAIN-over-GNS (GRAIN) can deliver security and privacy improvements over the security concept of TRAIN-over-DNS and show that it is practically feasible with limited modifications of existing software stacks.