by cyberax 507 days ago
> To change an ENS entry, you just sign a message and broadcast it anywhere. No need to interface with a registrar. The global resolver gets updated seconds later.

Yeah. And if your domain name keys are stolen or lost, they're gone. Forever. Or held for ransom. That's a huge reason why people are not rushing to use blockchain-based DNS.


Have you ever had a domain name stolen? They're also gone forever in most cases. There is no standard recovery path once a domain leaves the hands of your registrar. You might as well be trying to reverse an international wire transfer.

ENS is not worse in this respect than DNS. The DNS solution is for your registrar to require 2FA to protect your name from being transferred out in the first place. The ENS solution is for your custodian to... require 2FA to protect your name from being transferred out in the first place.

The difference is that anyone has the option to custody their own domain name if they want to - entrusting a third party is not a necessity.

Edit: Additionally, ENS gives you the equivalent of DNSSEC for free. So no need for certificate authorities, which represent DNS's reliance on cryptographic keys that would be catastrophic if stolen anyways.

> Have you ever had a domain name stolen? They're also gone forever in most cases.

If it's a high-value domain, you call the registrar and get it back. Worst case, you can sue the thief if you hold a trademark for the name.

> There is no standard recovery path once a domain leaves the hands of your registrar.

There is. It's called "a lawsuit".

> If it's a high-value domain, you call the registrar and get it back.

When a domain name is stolen, definitionally it leaves control of the registrar.

> Worst case, you can sue the thief if you hold a trademark for the name.

You can also sue a thief who has a blockchain name. Blockchains don't magically make it so you can't sue someone and win a judgement.

International lawsuits for domain recovery work fine if you're a medium to large company. But "just sue an international thief" doesn't work so well if you're a small business or an individual. In that case, DNS doesn't hold any legal advantage over ENS, whereas ENS allows for much greater flexibility in secure custody setups to prevent theft in the first place.

> There is. It's called "a lawsuit".

And you can just as "easily" sue someone who steals a blockchain name. Just dig past the fake identity they're hiding behind, figure out which city and country they live in, hire a private investigator to determine their name and address, and hire a lawyer that practices in the thief's country but speaks your native language. It's not any harder than suing someone who stole your DNS name.

> When a domain name is stolen, definitionally it leaves control of the registrar.

So call the registry?

The difference is that a judgement will actually get you something because in the end, the registry can give the domain to whoever they want. If your crypto DNS name is gone, you can’t appeal anywhere, even if you win your lawsuit (which you will, the opponent won’t appear).

> So call the registry?

Verisign's phone tree is pretty gnarly last time I checked.

> The difference is that a judgement will actually get you something

It could easily cost tens to hundreds of thousands of dollars to win a lawsuit in the registrar's jurisdiction, which is not feasible for an individual or small business.

As far as large corporations go, they don't have to worry about domain theft anyways. They all just pay tens of thousands of dollars for MarkMonitor to guard their domains with enterprise security, never have their domains stolen, and call it a day. I think where ENS shines is for small businesses and individuals.

The better option than recovery is just to prevent your domain from being stolen in the first place. For ENS or DNS this is fundamentally the same concept - just make sure you trust the company that holds custody of your domain name. For ENS, you have the option but not the obligation to custody your name yourself, or to use an M-of-N signature scheme amongst trusted friends, business partners, and/or third-party companies. It's hard to steal a domain name when you need to fool 3 out of 5 executives plus a third party into approving a transfer.

> the registry can give the domain to whoever they want

Could be a feature, could be a bug.

> Verisign's phone tree is pretty gnarly last time I checked.

If your name is like `microsoft.com`, then you call the registrar. They have contacts in the .com and .net TLD administrators to file issues. If that fails, there's a formal process: https://www.icann.org/resources/pages/providers-6d-2012-02-2...

Never mind that most registrars have protections against the transfer and will generally spam the hell out of you with notifications.

This makes the domain hijacking a low-value target for crooks. It happens, but not a lot.

> The better option than recovery is just to prevent your domain from being stolen in the first place.

Which will not happen. You still have all the same issues with lost keys, misconfigured settings, etc. Except now with zero recourse.

> For ENS, you have the option but not the obligation to custody your name yourself, or to use an M-of-N signature scheme amongst trusted friends, business partners, and/or third-party companies.

Yeah. Have you actually ever done anything like that in real life?

That's the thing, blockchain astronauts are kinda like PGP enthusiasts. They keep claiming that it solves all the problems, if you attend their groupie, erm, key signing party.

You can always hold the ENS in a multisig wallet, or hold it in a smart contract with whatever arbitrary custom logic you want.
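The "3 out of 5 executives" custody setup described earlier in the thread and the multisig wallet mentioned in the last reply both come down to the same check: a transfer goes through only when at least M distinct custodians out of N have approved that exact request. The block below is an added example, not code from this thread, from ENS, or from any wallet; it models that threshold check with a deliberately simple stand-in, where each custodian approves by producing an HMAC-SHA256 over a canonical transfer message (real multisig contracts verify public-key signatures on-chain). The custodian names, the `example.eth` name, the `0xNEWOWNER` value, and the nonce are all constructed for the demo.

```python
"""M-of-N threshold approval for a name-transfer request (added example).

Assumption: HMAC-SHA256 with a per-custodian secret stands in for the
public-key signature a real multisig wallet would verify. The custodian
names, the name being transferred and the new-owner value are constructed.
"""
import hashlib
import hmac
import secrets

THRESHOLD = 3  # M approvals required
CUSTODIANS = ["alice", "bob", "carol", "dave", "erin"]  # N = 5, constructed


def canonical_message(name: str, new_owner: str, nonce: int) -> bytes:
    # The nonce ties each approval to one specific request, so approvals
    # gathered for an earlier transfer cannot be replayed against a new one.
    return f"transfer|{name}|{new_owner}|{nonce}".encode()


def approve(key: bytes, message: bytes) -> bytes:
    # A custodian's "signature" over the canonical message (HMAC stand-in).
    return hmac.new(key, message, hashlib.sha256).digest()


def count_valid_approvals(keys: dict, message: bytes, approvals: list) -> int:
    """Number of distinct custodians with a valid approval for this message.

    approvals is a list of (custodian_id, tag). The same custodian is only
    counted once, and unknown custodians or bad tags are skipped rather than
    raising, so one bad entry cannot block an otherwise valid request.
    """
    valid = set()
    for who, tag in approvals:
        key = keys.get(who)
        if key is None:
            continue
        if hmac.compare_digest(approve(key, message), tag):
            valid.add(who)
    return len(valid)


def transfer_allowed(keys: dict, message: bytes, approvals: list,
                     threshold: int = THRESHOLD) -> bool:
    return count_valid_approvals(keys, message, approvals) >= threshold


def demo() -> dict:
    """Exercise the policy against the cases a reviewer would want checked."""
    keys = {c: secrets.token_bytes(32) for c in CUSTODIANS}
    msg = canonical_message("example.eth", "0xNEWOWNER", nonce=7)
    three = [(c, approve(keys[c], msg)) for c in CUSTODIANS[:3]]
    two = three[:2]
    duplicate = two + [two[0]]                    # same custodian twice
    forged = two + [("carol", b"\x00" * 32)]      # third approval is garbage
    stale = canonical_message("example.eth", "0xNEWOWNER", nonce=8)
    replayed = [(c, approve(keys[c], stale)) for c in CUSTODIANS[:3]]
    return {
        "three_of_five": transfer_allowed(keys, msg, three),
        "two_of_five": transfer_allowed(keys, msg, two),
        "duplicate_signer": transfer_allowed(keys, msg, duplicate),
        "forged_third": transfer_allowed(keys, msg, forged),
        "replayed_from_other_request": transfer_allowed(keys, msg, replayed),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'rejected'}")
```

Only the first case is allowed; the other four show why the check counts distinct custodians rather than raw approvals and why the approved message must name the exact request, since a threshold that can be met by one key repeated three times, or by approvals lifted from an earlier transfer, gives no more protection than a single key.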