[jrochkind1]

So it aims to replace both DNS (a way of looking up IP address for a hostname) as well as certificate authorities (a way of knowing if the SSL cert being used by your connection is 'good')?

Its an alternative DNS, with a method to use that alternative DNS as a way of authorizing ssl certs too?

[troquerre]

That's right! Though the infrastructure for HTTPS without CAs on Handshake is still nascent (the community welcomes contributors if you're interested!). This article covers how to set up HTTPS on Handshake using DANE https://medium.com/@ca98am79/how-to-view-dane-tlsa-websites-...