by troquerre
2191 days ago
Handshake took inspiration from predecessors like Namecoin, but it's very different. First is scope: Namecoin puts domain names on its blockchain under the .bit TLD, whereas Handshake targets TLDs. It does so because Handshake aims to improve the security of TLS by shifting trust from CAs to its blockchain. The CA model is weak because only a single CA among the thousands of CAs that your computer trusts needs to get compromised in order for your security to get compromised. And the likelihood of a single CA failure increases over time. That's the opposite of what you want in a robust system. With Handshake, certs can be pinned directly on the blockchain, which becomes more secure as more nodes join the network and across time as more blocks get mined on top of the pinned cert. This shifts the system from diminishing security to accumulating security. That's the main innovation behind Handshake. There are other differences in the issuance model as well. Namecoin's issuance destined it for failure from day one, since names are registered for a flat fee without restriction. This meant that squatters and early adopters could lock up the namespace without paying the true market price of the name. Handshake uses an auction system for name registration and releases the namespace over time (the release date is determined by hashing the name % 52), which means that names are registered for their true market price and newcomers can still register good names. This difference is critical and already playing out successfully — the highest auction was for 200k HNS, which is equivalent to $20k USD, and 7/12 of the namespace is still unreleased.
|
The main innovation of Handshake is they reinvented DANE on the blockchain? Don't get me wrong, DANE in DNS has some issues, but how is that an improvement from Namecoin? Are you saying Namecoin is incapable of storing the hash of a certificate in its name records? I'd also bet the cost of a 51% attack on Handshake is significantly less than the cost of hacking a CA. [Edit: after posting this I realize I'm not sure the 51% attack is a relevant attack here, since "double spending" isn't going to help someone pull off a MITM]
The other innovation is that, instead of scoping it so it doesn't conflict with the existing system, Handshake directly conflicts with existing DNS names. I fail to see why that is a good thing.
I will admit the auction system is an interesting solution to the cybersquatting problem. I don't think it's what most people want out of a naming system (if I own Microsoft, I want my domain to be microsoft.com, not to wait 10 years for it to be released), but it is an interesting solution.