[KirillPanov]

> with decentralized DNS, it is possible to replace certificate authorities by using DNSSEC

In what sense is DNSSEC decentralized? IMHO signing the root zone is about the most-centralizing thing that has ever happened to the Internet.

[tasuki]

That's the thing Handshake is trying to address: with the root zone being on the (decentralized) blockchain, each TLD owner has full control over issuing the certificates for that domain using DNSSEC+DANE. The idea was that this would allow us to get rid of both the centralized root zone and CAs.

[saargrin]

wouldnt that blockchain grow exponentially ?

[tasuki]

Why exponentially? Seems like linear growth to me.

[tptacek]

It is exactly that.