I’m excited to share more information about gasless primary names soon, but in the meantime, I’ve been doing some research on the topic. I wanted to share a relevant resource:
The reverse resolution process involves selecting the correct primary name from the set of forward resolutions that correspond to a wallet address. Malicious reverse resolvers have limited options - they can either resolve the wrong primary name from the set of forward resolutions or choose not to resolve the primary name at all.
With CCIP-Read, the gateway is responsible for resolving the primary name in a verifiable manner. The private key of the gateway, verified by the reverse resolution resolver, serves as the first layer of proof.
Gasless primary names introduce an additional layer of proof - a signature by the primary name’s resolved address indicating which name from the set of forward resolutions is the primary name. This means that a malicious gateway can only censor the resolution and choose not to resolve the primary name or resolve an old primary name if the owner changes their primary name.
To address the issue of censoring, ENSIP-10 and CCIP-Read allow an on-chain record to override an off-chain record. If the gateway is censoring, the owner of the reverse resolution address can execute an on-chain transaction to override the gateway.
The issue of resolving an old primary name can be mitigated in multiple ways. One option is to add start and end dates or block numbers to the signature. Once the signature expires, it cannot be used. The problem with this approach is that it requires new signatures from the resolved address every time the signature expires. Alternatively, signatures could be valid indefinitely, but there could be an on-chain method for revoking signatures. If a gateway resolves old signatures instead of the latest signature, the signer can execute an on-chain transaction to revoke any old signatures.
I believe that being censored and resolving to the wrong primary name are equally problematic. The solution to both issues is to use an on-chain record to override the off-chain resolution. If resolving an old primary name is considered a significant enough threat in itself to warrant a separate mitigation strategy, an on-chain signature revoking system could be implemented.
Gasless reverse resolution allows users to set a primary name without paying anything on-chain initially. It only requires a gas transaction when the gateway is censoring or returning the wrong primary name from the set of names that resolve to the reverse resolution address. This is a significant improvement over the current setup, where all users must make an on-chain transaction to solve a problem (a censoring, malicious gateway) that doesn’t actually exist yet.