by buffrr 1856 days ago
> The central KSK is a reason for normal users to dislike DNSSEC, but it's not why virtually nobody in the industry has deployed it, even though we're rapidly closing in on 3 decades of standardization effort for it.

I'm aware of the complexity DNSSEC adds and your opinions on it ;) It's getting easier to deploy with modern resolvers (also ed25519 is now more widely supported).

I still think it makes sense to cut the middleman (certificate authorities) one day and rely directly on DNS (whether it's DNSSEC, DNSCurve, or some other way).

> Handshake is a deeply silly idea; literally, the Internet analog of selling the Brooklyn Bridge.

I think seeing whether a blockchain (specifically made for DNS) is suitable for this problem is more important at this point. At the end of the day, if you don't like name collisions with ICANN, you can add a suffix to the namespace like `.hns` (using some proxy) or just prefer ICANN TLDs in the resolver.

A blockchain-based TLD like dot-hns would be one thing, but that's not what Handshake is, right? Handshake looks at the existing DNS infrastructure built over the last 35 years or so, says "oh, that's ours", and sells shares in it.
I believe they distributed around 70% of the coin supply to open source developers (I think only a small percentage claimed so far). The names are sold in auctions and the coins are burned after the winner is declared (I understand that early adopters will still benefit from that).

It's decentralized, and ultimately, users will decide how they value those names, though. So, for example, they can put them under dot-hns or prioritize ICANN TLDs in case of a name collision. Some existing TLDs may decide to claim their name if they disagree with a centralized root. IMO, it's flexible and pretty experimental for now.

If I try to sell you shares in the Brooklyn Bridge, it doesn't so much matter if I've distributed many or even most of the shares to open source developers. I don't own the bridge.
Yeah, that's the thing: who owns the bridge? Some may argue that control of ownership should be decentralized and some may disagree. But like I said, it wouldn't be too bad if users ended up using it under some TLD, but that's my opinion.
I don't know who owns the bridge. What I know is that these people don't. Literally their only claim to it is deciding it's theirs to sell. It's a batshit plan and it's shocking to me that anyone takes it seriously. I want to do the same thing with ARP. You gotta pay me to talk to your Wi-Fi router. Affordable and convenient payment plans are available.
I think the analogy here is weak. A blockchain-based naming system is different, though. It's governed by consensus. The majority of users must agree on who owns a particular name or at least that's how it should work.

Don't know of any other way to create a decentralized name system without doing something similar (regardless of whether it's top-level or secondary-level names).