by pavon 944 days ago
If I understand correctly, they want a (globally unique, secure) GNS name and a (globally unique, human friendly) traditional DNS name which acts as an alias for the GNS name via CNAME.

This can work, and sounds like a good compromise in that it lets machines and people who care deeply about security use your secure name (which is more portable than an IP address), while providing a human friendly name for people who don't care and just want things to work.


These are all valid deployment questions, which we tried to address in Appendix A.

In a nutshell, we expect that resolvers would ship with a (large) set of default "suffix-to-zone" mappings, that can be overridden by the user to provide a usable and convenient out-of-the-box experience. Note that "we expect" means that this would be the ideal scenario, not something to expect when installing our reference implementation right now.
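The two deployment ideas in this thread, shipped "suffix-to-zone" defaults that a user can override (this comment) and a legacy DNS name acting as a CNAME alias for a GNS name (the top comment), as an added toy resolver in Python. This is example code written for this page, not GNUnet's or GNS's own implementation; the zone keys (`ZK_*`), labels, record store, stub "legacy DNS" table and addresses are all constructed for illustration.

```python
"""Toy name resolver: shipped suffix-to-zone defaults, user overrides,
zone delegation (PKEY), CNAME aliases (including a legacy DNS name that
aliases a GNS name) and a hop limit so alias loops cannot spin forever.

Added example for this thread; not GNUnet/GNS code. Every zone key,
label, address and record below is constructed.
"""
from dataclasses import dataclass, field

# Constructed: mappings a resolver might ship with by default (suffix -> zone key).
DEFAULT_SUFFIX_TO_ZONE = {"gnu": "ZK_GNU"}


@dataclass
class Resolver:
    defaults: dict                                  # suffix -> zone key, shipped with the resolver
    overrides: dict = field(default_factory=dict)   # suffix -> zone key, set by the user
    records: dict = field(default_factory=dict)     # (zone key, label) -> [(rtype, value), ...]
    legacy_dns: dict = field(default_factory=dict)  # FQDN -> [(rtype, value), ...], stand-in for DNS
    max_hops: int = 8                               # bound on CNAME chains (loop protection)

    def zone_for(self, name):
        """Longest matching suffix wins; a user override beats a shipped default."""
        labels = name.split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            for table in (self.overrides, self.defaults):
                if suffix in table:
                    return table[suffix], labels[:i]   # zone, labels still to walk
        return None, labels

    def resolve(self, name, rtype="A", hops=0):
        """Return the value of the `rtype` record for `name`, or None if absent."""
        if hops > self.max_hops:
            raise RuntimeError("alias chain too long while resolving " + name)
        zone, remaining = self.zone_for(name)
        if zone is None:
            # Not under any known GNS suffix: ask the (stubbed) legacy DNS instead.
            types = dict(self.legacy_dns.get(name, []))
            if "CNAME" in types and rtype != "CNAME":   # legacy name aliasing a GNS name
                return self.resolve(types["CNAME"], rtype, hops + 1)
            return types.get(rtype)
        # Walk the remaining labels right to left, following delegations.
        while remaining:
            types = dict(self.records.get((zone, remaining.pop()), []))
            if "PKEY" in types and remaining:     # delegation: continue in the child zone
                zone = types["PKEY"]
                continue
            if remaining:                         # non-terminal label that does not delegate
                return None
            if "CNAME" in types and rtype != "CNAME":   # terminal alias: restart at target
                return self.resolve(types["CNAME"], rtype, hops + 1)
            return types.get(rtype)
        return None


def build_sample(user_override=False):
    """Constructed zones: ZK_GNU delegates 'example' to ZK_EXAMPLE."""
    r = Resolver(defaults=dict(DEFAULT_SUFFIX_TO_ZONE))
    r.records.update({
        ("ZK_GNU", "example"):   [("PKEY", "ZK_EXAMPLE")],
        # LEHO sits beside the A record: the hostname a TLS cert would be checked against.
        ("ZK_EXAMPLE", "www"):   [("A", "192.0.2.10"), ("LEHO", "www.example.com")],
        ("ZK_EXAMPLE", "alias"): [("CNAME", "www.example.gnu")],
        ("ZK_EXAMPLE", "loop"):  [("CNAME", "loop.example.gnu")],   # deliberate alias loop
        ("ZK_USER", "www"):      [("A", "198.51.100.7")],
    })
    # Legacy DNS name that merely aliases the GNS name (the CNAME compromise).
    r.legacy_dns["example.com"] = [("CNAME", "www.example.gnu")]
    if user_override:
        # The user pins 'example.gnu' to a zone key obtained out of band,
        # bypassing the shipped delegation through ZK_GNU.
        r.overrides["example.gnu"] = "ZK_USER"
    return r


if __name__ == "__main__":
    r = build_sample()
    print("www.example.gnu     ->", r.resolve("www.example.gnu"))
    print("www.example.gnu LEHO->", r.resolve("www.example.gnu", "LEHO"))
    print("example.com (alias) ->", r.resolve("example.com"))
    print("with user override  ->", build_sample(True).resolve("www.example.gnu"))
```

Two design points worth noticing: the override table is consulted before the defaults at every suffix length, so a user who pins `example.gnu` to a key they verified themselves is not silently routed through the shipped `gnu` delegation; and the hop counter turns an alias loop into an error rather than unbounded recursion, which is the check a production resolver needs anyway for CNAME chains.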

But what's the point? Federation, I suppose?

Because if globally unique, human-readable DNS still works, I see no point in migrating off it. If the point is smoother migration, then we should start forgetting about human-readability, because it's going to disappear anyway.

TLS certs without having to buy a domain? Create a GNS domain, set a LEHO record with the necessary Host name, and make your cert based on that? Obviously you'll need a CA that's willing to issue certs for GNS LEHO names, but that way you can use the current TLS CA system to a domain without having to actually spend money on one. Alternatively, have the CA issue wildcard certs for zTLDs and then you can manage your own zTLD without issue.

Letsencrypt allows you to produce TLS certificates for free, under a reasonable, globally trusted CA.

If we wanted to go away from centralization here, that would require a serious breakthrough, the magnitude of Bitcoin.

Sure but that's contingent on owning or being able to host something under a domain.