by buffrr 1866 days ago
Creating an alternative or an extension to the DNS root is pretty ambitious. If they had chosen a TLD similar to .eth, .bit ... etc., it would have been more manageable, and they could've avoided issues with name collisions.

However, there are some advantages to decentralizing trust in the root, since there won't be a need for a root KSK[0] or a central entity that manages the root zone, making DNSSEC + DANE more appealing even for existing TLDs.

[0] https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/

2 comments

The central KSK is a reason for normal users to dislike DNSSEC, but it's not why virtually nobody in the industry has deployed it, even though we're rapidly closing in on 3 decades of standardization effort for it.

Handshake is a deeply silly idea; literally, the Internet analog of selling the Brooklyn Bridge.

> The central KSK is a reason for normal users to dislike DNSSEC, but it's not why virtually nobody in the industry has deployed it, even though we're rapidly closing in on 3 decades of standardization effort for it.

I'm aware of the complexity DNSSEC adds and your opinions on it ;) It's getting easier to deploy with modern resolvers (also, Ed25519 is now more widely supported).

I still think it makes sense to cut out the middleman (certificate authorities) one day and rely directly on DNS (whether it's DNSSEC, DNSCurve, or some other way).

> Handshake is a deeply silly idea; literally, the Internet analog of selling the Brooklyn Bridge.

I think seeing whether a blockchain (specifically made for DNS) is suitable for this problem is more important at this point. At the end of the day, if you don't like name collisions with ICANN, you can add a suffix to the namespace like `.hns` (using some proxy) or just prefer ICANN TLDs in the resolver.

A blockchain-based TLD like dot-hns would be one thing, but that's not what Handshake is, right? Handshake looks at the existing DNS infrastructure built over the last 35 years or so, says "oh, that's ours", and sells shares in it.

I believe they distributed around 70% of the coin supply to open source developers (I think only a small percentage claimed so far). The names are sold in auctions and the coins are burned after the winner is declared (I understand that early adopters will still benefit from that).

It's decentralized, and ultimately, users will decide how they value those names, though. So, for example, they can put them under dot-hns or prioritize ICANN TLDs in case of a name collision. Some existing TLDs may decide to claim their name if they disagree with a centralized root. IMO, it's flexible and pretty experimental for now.

If I try to sell you shares in the Brooklyn Bridge, it doesn't so much matter if I've distributed many or even most of the shares to open source developers. I don't own the bridge.

Yeah, that's the thing: who owns the bridge? Some may argue that control of ownership should be decentralized and some may disagree. But like I said, it wouldn't be too bad if users ended up using it under some TLD, but that's my opinion.

Should ICANN open up ccTLDs, .eth is going to have a collision with Ethiopia. Whether Ethiopia is interested in operating a TLD is another story.

Ethiopia = .et