by tynes 2667 days ago
Handshake (handshake.org) provides an SPV Proof that the DNS records held in its zone are authentic. This means if an attacker wanted to spoof records, they would have to:

1) Eclipse attack the client, meaning that the client is on a partitioned network with an alternative chain tip. This grows more expensive as the records were written further in the past

or

2) Steal the top level domain owner's private key and update the database

2 comments

If a major brand is bad at managing private keys and is in the middle of an ownership transition (speaking entirely hypothetically, of course), is there a chance that they'd just lose access to symantec.com permanently and have to pick a new brand, instead of having recourse to humans to say "Hey please get us our domain"? If there is no recourse, is this generally considered a desirable thing by domain customers?

Is there a process for trademark dispute resolution? If not, is this generally considered a desirable thing by domain customers?

If the answer is yes, who holds the override keys?

User experience around key management is poor. I agree that it needs to be improved. Handshake supports the industry-standard HD Key Derivation following BIP44 and has Ledger Nano support. The keys can be derived deterministically from a mnemonic, so it's up to the org to not lose that mnemonic. Eventually (if blockchain actually works) there will be an easy-to-use protocol for breaking the mnemonic up into shares and allowing recovery of the mnemonic using m of n shares.

In the case where keys are lost, there are 2 options

1) Let the domain expire after 1 year, there is a protocol rule in which the domain must be updated and without the private key it would be impossible to update it, and then rebuy it

or

2) Gain support from the community and fork the protocol such that the domain is reassigned to a different private key

There is a process for trademark dispute resolution; it's been going on for a while now. The Alexa Top 100k domains are reserved and can be claimed using a DNSSEC Proof, so dot google on Handshake can be claimed by the owner of google dot com.

I have to say that that sounds like a solution no user would actually want. You effectively did answer all of GP's questions with no.
For once I feel like the military could help: they probably had similar issues in unrelated fields, and may already have an organisational protocol to deal with those. Maybe we should ask them.
I think we did ask the military how they'd handle domain names on the internet, and they came up with DNS.

(Also, if you're going to let the military overrule decisions in your distributed permissionless blockchain, is there a point in having a distributed permissionless blockchain in the first place?)

Human intervention is important to the proper functioning of blockchain protocols. It's a myth that blockchains can just operate in a completely objective way without people. The point is to minimize the amount that people need to interject, so that people can instead focus on a higher abstraction
Not internet related protocols. Human related protocols.
What does this solve that a non-blockchain approach (for example the PKI approaches we already have) wouldn't?
The root of trust comes from the accumulated proof of work instead of an organization. This is interesting because self signed certificates can be trustworthy if they are signed with the private key of the Handshake top level domain holder. I believe it will open up the chain of trust for devs to innovate on and experiment with novel cryptography
>The root of trust comes from the accumulated proof of work instead of an organization.

This is the only reason I have had any interest in the HS project.

If you have any interest in participating in the community, please visit https://handshake.community