wav-part's comments

wav-part | 7 years ago | on: The IRS Tried to Take on the Ultrawealthy – It Didn’t Go Well

You are overlooking a simple fact: the rich don't want to pay taxes.

You will always have problems when taking from the rich. 800 years ago it was the barons' rebellion (Magna Carta). Now it's an army of lawyers and a gutted IRS. IMO, war between the taxman and the rich is not entirely off the table in the future.

wav-part | 7 years ago | on: The escape-room games industry is booming

Businesses did not make buildings safer just because someone told them to. It is naturally considered a bad idea to kill your customers. Businesses would always create an environment that generates more profit. Safer establishments are one of many ways. Businesses would _always_ stay ahead of any bureaucratic recommendations/requirements, because they have the incentives. Rather, misguided/outdated laws are the real problems, because the gov lacks the (strong enough) incentive.

> The cost of low-trust in a modern economy is huge.

So you don't trust anyone unless the gov tells you to?

wav-part | 7 years ago | on: A DNS hijacking wave is targeting companies at an almost unprecedented scale

Browser vendors (specifically all DNS users) have the option. They can do it, if IANA fails at the job of being a dnsroot. Disruption is inversely proportional to consensus. If everyone does it, there is no disruption. Some disruption is unavoidable. It's a fair price to pay for a stable and solid global naming system.

Ultimately it's about deciding who gets to own the "x.y.z" string brand globally/contextlessly. The world obviously needs a single naming system. Either that or expect to have multiple owners of "google.com".

My suggestions are required; otherwise, why would someone build a global brand if ownership is not safe or guaranteed enough? The future is way more chaotic. Without crypto, a global naming system is not going to survive.

wav-part | 7 years ago | on: A DNS hijacking wave is targeting companies at an almost unprecedented scale

Anyone can fork DNS. It's just a (name, key) map. As long as it's done with enough consensus, it can be done. Mismanagement of .com is serious enough to demand that kind of change.

Let's say .com gets mismanaged. The community is furious. Firefox/Chrome/etc. demand that . remap .com to a new, more trustable entity. If . does not, Firefox/Chrome/etc. then remap . to a new, more trustable entity, because .com must be as trustable as ., because .com is that important. The new . gives back ownership of all TLDs to their previous owners. Except for .com. .com goes to the more trustable entity as intended. The new .com then again does a similar import of all good xxx.com.

In this whole incident, no one loses the ownership of their names except for .com and possibly . .

Now no gov can touch *.com. Though it's different for ccTLDs. Those are owned by their respective govs. Same goes for gTLDs. But no one gets to mess with . .com .org .net.

wav-part | 7 years ago | on: A DNS hijacking wave is targeting companies at an almost unprecedented scale

You is Firefox/Chrome/etc. Yes you can. The ownership of .com is not as exclusive/protected as .xxx or xxx.com. Thus Firefox/Chrome/etc. can map it to anyone they feel. Considering so many high-value .com subnames, .com can be transferred to a neutral party or even dnsroot. The USG does not own the ".com" string. No one does. Just like ".".

wav-part | 7 years ago | on: A DNS hijacking wave is targeting companies at an almost unprecedented scale

No. You just map .com to another key with an agreement that the new .com owner pre-signs and maps existing .com subs the right way. An unaware xxx.com does not need to do anything. As long as it's done publicly with a bang and enough consensus, disruption should be minimal.

Again, this is unavoidable in any system that needs trust. That's why I like PoW DNS.

wav-part | 7 years ago | on: A DNS hijacking wave is targeting companies at an almost unprecedented scale

Current: Google needs to watch all CAs.

DNSSEC: Google needs to watch .com and dnsroot.

Which one is better?

----

(I am rate-limited, so posting here rather than replying to the child post by tptacek https://news.ycombinator.com/item?id=18889809)

Of course they can. There is literally no legal or other difference between Verisign and .com. Chrome can do whatever it wants, 'cause it's Google's browser, not .com's.

In case .xxx becomes dishonest, you can just move to your own gTLD or a .more-trustable TLD. In the current system, there is no concept of ditching a CA. If a CA decides to mismap a name and you are too small, you are fked.

> it’s actually 1, or 1 AND 2

No, you can have DNSSEC without CAs. I have explained that already, without changing much of TLS. Basically the example.com DNSSEC key becomes the CA for example.com. example.com then would create a TLS cert in the usual way. No pain.

wav-part | 7 years ago | on: A DNS hijacking wave is targeting companies at an almost unprecedented scale

I am not suggesting every client do their own mapping; that is not a naming system at all. There has to be very large consensus for a naming system to be effective. I just pointed that out to show that DNS is not under any gov control. It's under the control of an entity that can be punished.

However, who gets to have dnsroot is just a config value in DNSSEC. The value itself should not be used to criticize DNSSEC, 'cause it's changeable.
