DoB will have to deal with some problems, especially bad actors; people will squat on domains, register typos (fscebook.com) or even bitflips (fabebook.com, b is one bitflip from c). Malware owners will run their C&C servers on domains.
Malicious domains will require someone removing them or blocking them even, unless you want the DoB namespace to turn into a cesspool of malware, phishing and nazis. Not something the average person wants.
You either have the freedom of decentralization and all the benefits and drawbacks that come with it, or you have our current system with the ability to centrally manage but then you depend on those large, centralized entities to do an impartial job. And we know that nobody is impartial.
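The difference between a typo such as fscebook.com and a bitflip such as fabebook.com can be checked mechanically when triaging newly seen names against a protected one. The following is an added example, not part of the original thread; the function names, the result labels and the sample domains are assumptions made for illustration.

```python
# Added example: classify an observed domain against a protected name.
# PROTECTED and the result labels are constructed for illustration.
PROTECTED = "facebook.com"


def split_label(domain: str) -> tuple[str, str]:
    """Return (first label, remaining suffix) of a lowercased domain."""
    label, _, rest = domain.lower().rstrip(".").partition(".")
    return label, rest


def is_single_bitflip(a: str, b: str) -> bool:
    """True if b differs from a in one character, by exactly one bit."""
    if len(a) != len(b):
        return False
    diffs = [(x, y) for x, y in zip(a, b) if x != y]
    if len(diffs) != 1:
        return False
    delta = ord(diffs[0][0]) ^ ord(diffs[0][1])
    return delta & (delta - 1) == 0  # power of two: a single bit set


def is_single_edit(a: str, b: str) -> bool:
    """True if b is one substitution, insertion, deletion or swap from a."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0  # length of the common prefix
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:
            return True  # one substituted character
        # adjacent transposition, e.g. "facebook" -> "faecbook"
        return a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]  # one inserted or dropped character


def classify(domain: str, protected: str = PROTECTED) -> str:
    """Label a domain as exact, bitflip, typo or unrelated."""
    label, rest = split_label(domain)
    p_label, p_rest = split_label(protected)
    if rest != p_rest:
        return "unrelated"  # assumption: only names under the same suffix
    if label == p_label:
        return "exact"
    if is_single_bitflip(p_label, label):
        return "bitflip"
    return "typo" if is_single_edit(p_label, label) else "unrelated"
```

A bitflip is reported ahead of a typo because every single-bit change is also a one-character substitution; the separate label matters because bitflip lookups come from memory errors rather than from a person mistyping.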
Then Facebook can buy the space of typos around their name? Just because Facebook (or Twitter, Instagram, et al) are popular sites, doesn't mean registrars should give them special treatment. What happens when they stop being popular?
Yeah, why even let the Nazis have IP addresses? In fact, if we took away their computers, pens, and papers, surely that would make them less likely to lash out violently.
Yes, DNS should be like the old phone book — published regularly, pick one up anywhere & everywhere, look things up anonymously (granted, authenticity guarantees were somewhat lacking).
My question - Sure blockchain can do this, but couldn’t a simpler DHT-based p2p system work just as well or better? I like the distributed/anonymity/authenticity, but why is blockchain required?
Handshake is another DNS on blockchain project that's taking a different approach — it's aiming to decentralize the root zone (TLDs) instead of domains, because the root zone is where the centralization happens.
Every time I see an article claiming that someone is building some “decentralized” system to make censorship harder I wonder if any one of those people even understands how the internet is censored at scale in places like China.
For the censorship we have in the west, e.g. blacklisting torrent sites, a non-ISP DNS and/or CDN already solves that problem; for anything beyond that nothing would help.
Indeed, this was my first thought when I read the title, and IMO, it still remains the other obvious killer app for blockchain (besides store of value / currency, obviously).
Namecoin is an idea (that failed because IMO it was too early) so old by now that I am truly surprised there hasn't been a full blown distributed DNS solution that works in parallel to the existing one based on blockchain.
I'll go ahead and note that this doesn't require a blockchain. Each TLD is controlled by a single entity. Anything a site would store on a blockchain, they could easily submit to that single entity to be published.
No, public key cryptography means that the key doesn't need to be shared.
A blockchain is only needed if parties need to write to the database in a decentralized manner, and the order of the writes is important & can't be tampered with.
The article explains the censorship resistance aspect but not the security. How does Handshake deal with the things Cloudflare does for me? DDoS and WAF protection, at least?
Firewalls and DDOS protection have nothing at all to do with name resolution. These are routing concerns that require taking a deep look into the packets (DPI), while name resolution and key exchange are prior steps.
Also, what does CloudFlare bring to you? 99% of websites don't need DDOS protection or a complex firewall. Using CloudFlare for these websites means:
- CloudFlare gets to inspect and snoop 100% of your "HTTPS" traffic (because the TLS termination happens on their side)
- Users without Javascript (command-line browsers or GUI browsers disabling JS for performance/security concerns) cannot access your website
- Tor users most times cannot access your services at all because CloudFlare and Google work hand-in-hand to prevent them from using the web by serving infinite CAPTCHA loops (see #FuckCloudFlare)
- CloudFlare becomes a SPOF for much of the web, like other "cloud" providers; accessing your website depends on the availability and good will of a huge multinational
So if you want to help people access the Internet without censorship and surveillance, please never use CloudFlare or equivalent services. They make everything so much worse through centralization. If we wait too much, it will become a HUGE problem.
> Namecoin and the Ethereum Name System were the first attempts at bringing name resolution to the Blockchain. At Diode we’re going the next step and are moving PKI & DNS into the Blockchain
The article specifically calls out Namecoin, but doesn’t say anything about how Namecoin falls short or why it can’t be augmented/improved instead of building a whole new thing.
I know I’ll sound like a grump here, but why does the bar for HN front page feel so low these days?
There's some interesting work on this going on in W3C, in the Verifiable Claims Working Group [1] and in the newly minted Decentralized Identifier Working Group [2]. I'm a member of the W3C Credentials Community Group (CCG) [3], which is where those two WGs started.
There are also a number of other valuable efforts. Both in other Standards Development Organizations (SDOs), such as Decentralized Identity Foundation (DIF) [4], Apache HyperLedger projects like Aries [5], etc. And in working conferences/unconferences like Rebooting Web of Trust (RWOT) [6], and Internet Identity Workshop (IIW) [7]. On a tangential note, Unconferences are an interesting concept [8].
So every DNS change is stored into the blockchain, forever? Will you have to download terabytes and terabytes of the blockchain in order to serve as a node? Why is that kind of audit history necessary?
Why is the solution to every problem "blockchain" these days?
You don’t necessarily need to store DNS changes into the blockchain. The blockchain will only keep the current state and would prune the changes. According to Diode’s blog posts, 20kb of storage is all it needs with BlockQuick, the newly developed light-client protocol.
The point is less about storing the audit history, but more about preventing Man-in-the-Middle attacks and solving the timestamp-certificate chicken-egg problem.
question—can’t a government actor like china just watch the record for where it points to and just filter that address? doesn’t that defeat the whole purpose of this uncensorability?
while it may be harder in the US i could legitimately see a mechanism developing to make that a requirement for isps
They can, and do, already do this for regular DNS. This would prevent US-style domain name seizures but would do nothing against actual competent censorship.
Correct me if I'm wrong, but wouldn't DNS-on-blockchain make lookups orders of magnitude slower than they are now, especially with many DNS services advertising based on speed?
Yes, DNS-on-blockchain would likely make lookups orders of magnitude slower than they are now -- it's making a trade-off between security and performance.
A lot of blockchain projects coordinate "seed nodes" by storing collections of IP addresses within the DNS records of websites that community members run, because it is an already decentralized enough record
[+] [-] zaarn|6 years ago|reply
[+] [-] m-p-3|6 years ago|reply
[+] [-] tinybeagle|6 years ago|reply
[+] [-] pkhamre|6 years ago|reply
[+] [-] Karrot_Kream|6 years ago|reply
[+] [-] girlATthepub|6 years ago|reply
I guarantee you will have luck. Let's truck it. Have some self-hope. It'll be grand <3
[+] [-] woah|6 years ago|reply
[+] [-] sundbry|6 years ago|reply
[+] [-] cobbzilla|6 years ago|reply
[+] [-] troquerre|6 years ago|reply
This MIT Tech Review article gives a good overview of Handshake's goals: https://www.technologyreview.com/s/613446/the-ambitious-plan...
[+] [-] dogma1138|6 years ago|reply
[+] [-] pjc50|6 years ago|reply
[+] [-] isostatic|6 years ago|reply
[+] [-] unknown|6 years ago|reply
[deleted]
[+] [-] LeoPanthera|6 years ago|reply
https://en.wikipedia.org/wiki/Namecoin
[+] [-] ur-whale|6 years ago|reply
[+] [-] rubyfan|6 years ago|reply
Also, reminds me of the old saying about “now you have two problems”
[+] [-] Dylan16807|6 years ago|reply
[+] [-] joosters|6 years ago|reply
[+] [-] LIV2|6 years ago|reply
[+] [-] bouncycastle|6 years ago|reply
[+] [-] tylerl|6 years ago|reply
[+] [-] lowestlatency|6 years ago|reply
[+] [-] southerntofu|6 years ago|reply
[+] [-] foxhill|6 years ago|reply
[+] [-] wallacoloo|6 years ago|reply
[+] [-] Communitivity|6 years ago|reply
[1] https://www.w3.org/2017/vc/WG/
[2] https://www.w3.org/2019/08/did-wg-charter.html
[3] https://w3c-ccg.github.io/
[4] https://identity.foundation/
[5] https://www.hyperledger.org/projects/aries
[6] https://www.weboftrust.info/
[7] https://internetidentityworkshop.com/
[8] http://unconference.net/
[+] [-] jeffk_teh_haxor|6 years ago|reply
[+] [-] Kiro|6 years ago|reply
That is a trope and is no longer true. If you say blockchain is the solution you get laughed at.
[+] [-] tinybeagle|6 years ago|reply
[+] [-] heythere22|6 years ago|reply
[+] [-] sundbry|6 years ago|reply
[+] [-] yellow_postit|6 years ago|reply
[+] [-] asdf333|6 years ago|reply
[+] [-] freeone3000|6 years ago|reply
[+] [-] Causality1|6 years ago|reply
[+] [-] tinybeagle|6 years ago|reply
[+] [-] rolltiide|6 years ago|reply
This is going full circle
[+] [-] Vosporos|6 years ago|reply
[+] [-] pizzazzaro|6 years ago|reply
[deleted]