[danShumway]

I'm slowly starting to suspect that maybe having human-readable names for domains is a mistake.

Partially because phishing domains is already kind of easy (the rapid increase in tlds isn't helping), partially because the race to grab and hold names has been having increasing negative effects, and partially because (aside from domains) many actual URLs are already impossible to remember. We're running into the same problem with SSL certificates -- the position of LetsEncrypt is now that they shouldn't be used for identity verification.

There would be some awful challenges if we got rid of the human-readable part of domains, but the benefits of moving to something like a unique hash or key instead:

- instantly getting a domain for anything and have it be permanent, without any renewals.

- getting rid of most name-squatting.

- being explicit and up-front with consumers about the dangers of phishing, and the need to build separate identity-verification infrastructure that couldn't be beaten with dumb attacks like the `rn m` trick.

I dunno. It could be a really bad, stupid idea, but I want to start thinking about if there are ways we could share domains in a hashed form on podcasts/posters/etc... that would mitigate some of the obvious downsides to having them be difficult to remember or type.

I know IPFS and DAT are using hashes for everything, but as far as I know they're both falling back on stuff like IPNS and human-readable aliases when URLs get shared, and to me those have the exact same downsides as the domain system we're already using today. I'm not necessarily advocating anything, it's just less obvious to me today that a naming system that uses actual words provides more benefits than downsides.

[creeble]

The DNS only provides one upside: memorable names.

But there aren't enough downsides to ever be more important than this one feature, or you would just be telling people IP addresses already.

[danShumway]

I want to be able to carry a domain between IP addresses.

But to rephrase your argument in a way that does feel more convincing to me, maybe there aren't enough downsides to ever be more important than this one feature, or I would be registering random strings for my domains already, just to get rid of the effort of finding new names for things I'm building.

[lone_haxx0r]

>you would just be telling people IP addresses already.

That's doable in ipv4, probably with some rebasing: e.g. converting decimal to hex, 192.168.0.1 becomes c0.a8.00.01

IPv6 addresses, on the other hand, are unmanageable with bare human memory, but I quite like the idea of every person managing their own hosts file, listed with a mnemonic name for their favorite addresses.

[tzs]

> I'm slowly starting to suspect that maybe having human-readable names for domains is a mistake

I've been coming to the same conclusion, for different reasons.

I've been thinking of getting some meaningless domain name, like 5aeca67f937de276.net [1], and then using email addresses at that domain for the contact email or login email at as many places as possible.

The idea is that if I use any meaningful name, there is a chance that some company will come along that does business under the same name, and will dispute my use of the domain name. At best, that will be a hassle to prove I'm not just cybersquatting, and at worst I could lose the domain and have to change my email at dozens, or even hundreds, of places.

I'm probably safe on my current main domain, tzs.net, because I've had it for around 21 years [2], and every time someone has inquired about buying it from me, I've responded saying that although it does not have a large web presence and so may appear lightly used it is in fact used for a lot of non-public web stuff, and extensively used for email. I don't even ask what they are offering for it. I tell them it would simply be impractical for me to move to another domain, and so it is not for sale. This should make a reasonable case that I'm not cybersquatting.

[1] Randomly generated by taking 64 bits from /dev/urandom and printing it in hex. I was thinking of 128 bits, but an email address that is @5aeca67f937de2760159265d458ba3d0.net might be too long for some poorly designed login forms.

[2] The first owner was my employer at the time, which bought tzs.net, tzs.com, and tzs.org because my boss thought I might like them. When those expired a year later, they transferred to me whichever ones I wanted to keep. I kept tzs.net and the other two expired.

[gist]

> I'm slowly starting to suspect that maybe having human-readable names for domains is a mistake.

Not sure given how successful busineses have been with their web identities how you can say that.

> There would be some awful challenges if we got rid of the human-readable part of domains but the benefits of moving to something like a unique hash or key instead

I don't get the point of making a statement like that. It's like saying 'get rid of cars and the benefits will be'.

You know it's a complete non starter because given how things are it can't happen in the short future. We can't even get rid of spam phone calls for god sake. That is almost simple by comparison to 'eliminating human readable parts of domains'

[athenot]

You can do that today with IP addresses. v6 ones are plentiful. But I don't know how SSL would work without the domain part.

EDIT: Cloudflare pulls it off here so it's certainly possible. https://1.1.1.1

[tialaramex]

Sure, you can just go buy a certificate for an IP address. The Subject Alternative Name extension used to make X.509 certificates work on the Internet this century takes IP addresses (IPv4 or IPv6) just as happily as DNS names (including IDNs, written with A-labels) or email addresses. You will need to prove enduring control over the IP address, often by showing that one of the RIRs issued it to you as part of a block assignment.

Of course running an RIR isn't free, and so the RIRs charge fees to their members, Cloudflare will be paying APNIC (and probably all the other RIRs since they're a global company).

And we're straight back to the usual suspects insisting that surely they ought to be entitled to everything for free. How can it possibly cost money to blah blah blah. Basically all you need to watch out for with such people is to make sure you get paid up front, because given an opportunity to stiff you they won't even feel guilty.

[danShumway]

Can I move a v6 address between locations/machines?

[sethhochberg]

Sure - but with most of the same caveats that apply to moving your own globally public IPv4 address around... ie, you need to register for an AS number, buy the IP space you want, and publish routes in the global internet routing table.

Its nowhere near as cheap as DNS and much more complicated (since you're concerned about things like how, physically, pulses on a wire/fiber will make it to the edge of your network.. you need to peer with one or more ISPs).

You could lease address space from an ISP and make all of that their problem, but then of course its not _your_ IP space. Think of it like the difference between being an internet user (leasing IP space) and a member of the internet (running your own network).

Since we're specifically talking about DNS in here though, I really don't think a stable IPv6 address would be a viable alternative to what we use DNS for.

[dmurray]

The effect would be to give Google even more power. It wouldn't just be your older, less tech-savvy relative who now type "cnn" into the Google search bar every time they want to visit cnn.com.

[danShumway]

Anecdotally, it's not just less tech-savvy people who do that. I do that today for most sites I visit that aren't bookmarked, because I don't trust myself to remember if domains are registered as `.org` or `.com`.

Of course, I use DuckDuckGo to do it instead of Google, and I also block ads because they're yet another area for phishing attacks. But look at HN for example -- I have HN bookmarked because I can't get myself to remember that it isn't `hackernews.com`. I have definitely used DuckDuckGo and Google in the past to find this website when I was on an unfamiliar computer.

The Google Ads phishing attacks are also an interesting point here -- they work. You can build a Google Ad for a product that points to a completely separate website, and you'll catch people. Arguably (probably) getting rid of readable names would make that problem worse, but it's not like the current situation is good. Domains are already hard to remember ("Does it have a dash in it? What's the TLD? Are the numbers spelled out?").

The question is whether it would even be possible at all to build a better system. I don't know.

[enobrev]

There's nothing stopping any of us from using a sha-n hash or uuid as a domain name now. Would definitely make domain searches for new projects a hell of a lot easier.

[ummonk]

I guess what you’re really saying is that human readable aliases should require identity verification? That makes sense.

[bytematic]

How do you advertise it or word-of-mouth the domain?