Follow Slashdot stories on Twitter
The Ambitious Plan To Reinvent How Websites Get Their Names (technologyreview.com) 154
“To people like Steven McKie, a developer for and investor in an open-source project called the Handshake Network, this centralized power over internet naming makes the internet vulnerable to both censorship and cyberattacks,” reports MIT technology review. “Handshake wants to decentralize it by creating an alternative naming system that nobody controls. In doing so, it could help protect us from hackers trying to exploit the DNS’s security weaknesses, and from governments hoping to use it to block free expression.” From the report: The system would be based on blockchain technology, meaning it would be software that runs on a widely distributed network of computers. In theory, it would have no single point of failure and depend on no human-run organization that could be corrupted or co-opted. Handshake’s software is a heavily modified version (“fork”) of Bitcoin, and just as Bitcoin’s network of miners protects the cryptocurrency from manipulation and makes it virtually impossible for authorities to shut down, a similar network could keep a permanent, censorship-resistant record of internet names. The Handshake team is far from the first to try to create a decentralized naming system for the web. But unlike previous efforts, Handshake isn’t trying to replace DNS but work with it.
Besides ICANN, there’s yet another class of organization whose job Handshake aims to decentralize. See that little padlock icon in your browser bar, to the left of the domain name? That means your computer has verified that your connection to this website is encrypted and that the site is authentic, not a fake one designed by a criminal trying to steal your login credentials. It does that by checking the veracity of a string of numbers called the site’s digital certificate, issued by one of a number of so-called certificate authorities. These entities, many of which are for-profit companies, are crucial to internet security. They can also get hacked. And if one gets breached, and an attacker can start issuing fake certificates, it undermines the security of the whole internet. But if website names are managed on a tamper-resistant blockchain, then you don’t need certificate authorities; the naming system itself can provide the guarantee that the site you’re connected to is real. That’s what Handshake aims to do.
- by Anonymous Coward
’nuff said.
Re:”Blockchain” (Score:5, Insightful)
by jiriw ( 444695 ) on Thursday June 06, 2019 @06:58AM (#58718074) HomepageThere are ways to do a block chain and not burn through a lot of electricity. It’s all in the implementation. There are chain implementations that don’t use mining to be able to add new nodes. Although, ‘fork of bitcoin’ doesn’t inspire a lot of trust in that regard…
Re: “Blockchain” (Score:5, Informative)
by c6gunner ( 950153 ) on Thursday June 06, 2019 @07:36AM (#58718164) HomepageIt’s not new, either. “Namecoin” has been around for 8 years now. This is the same concept with a new name, and unlikely to do any better.
Title had an error (Score:2, Insightful)
by Anonymous CowardFixed:The Futile Plan To Reinvent How Websites Get Their Names
File it with change keyboards from QWERTY and move the US to metric systemMy car almost completely uses metric fasteners and dimensions, the speedometer the most glaring exception.
Nothing much I buy uses Imperial fasteners unless it’s a legacy product, such as plumbing and cooking items. Oh, yeah…
The effort to convert plumbing, electrical, construction to metric would be fairly substantial. The value? Only tangible outcomes are of value. Prestige and acceptance don’t exist.
- by jbengt ( 874751 )
The effort to convert plumbing, electrical, construction to metric would be fairly substantial. The value? Only tangible outcomes are of value.
Converting plumbing and electrical to metric would not be that onerous. For example a 3/4″ Schedule 40 steel pipe is exactly the same as the 20 DN pipe used in Europe. It has an ID of 0.824″ and an OD of 1.05″. And the US already measures electricity in watts and kilowatts, the same as in metric countries.
The tangible value to me would be more efficient calcula
- So what do they use as “proof of work” without there being a central authority ?
Blockchain here isn’t about value, it’s about auditing. Proof of work isn’t the point, participation and transparency are.
Besides, the line “The system would be based on blockchain technology, meaning it would be software that runs on a widely distributed network of computers.” proves someone writing the headline/article either ascribes features to blockchain that aren’t real, or have no good idea how it all works.
Oh, and DNS ‘runs on a widely distributed network of computers’. What was the point? Oh yeah,
I don’t know man, I just don’t get it. The whole point seems to be about judging between different versions of the truth.
The only thing that prevents someone asserting an alternative, albeit consistent version of history is the fact that they have to get lots of other sources to agree with them and there is a significant cost involved to be considered a bone fide a source.
If there were little or no cost involved anyone could simply spin up sufficient VMs to become > 51% of the total and their version of
This implementation uses mining. “Mining” is just a name for incentivizing proof of work, but proof of work is about verifying the integrity of the blockchain data.
https://handshake.org/faq [handshake.org]
> I’m all for an alternative to ICANN, VeriSign and DNS, but really
Unfortunately this does NOT replace certificates. It’s only a different way of propagating DNS. Even DNS-SEC does not mean you don’t need certs.
There’s this little problem called “man in the middle”. That’s what TLS certs are for. Without a TLS cert, your browser can ask the local router to please connect you to 1.2.3.4 and you can know that is the right IP, but you don’t know if the local access point is recording or changing the commu
I know, I know. Somebody is going to say “just put the cert on the block chain”.
Okay so I generate a certificate for Microsoft.com and put it on the block chain. Now what? You trust it because somebody published it to thr chain?
When you say “put it on the block chain” the question becomes WHO puts it on the chain? It’s only useful if a globally trusted party puts it there and it’s provide that it was added by that trusted party – a certificate authority. But if you have a trusted party they can just sign t
- Theoretically you could sign both the DNS entry and the cert, so you know the person who owns the DNS issued the cert. The bigger problem is knowing that MS instead of a random black hat actually owns the microsoft.com domain to begin with a central authority
- This is a way it could done, and the way signing authorities kind of already do it, is you have to put a file on your server to indicate you have current control of the domain. When you request a certificate for a domain you give a public key and you have respond to each request from each miner. So sure if you could hack most of the routers in the world you could fool the system but it would be hard, a way of not immediately crashing your web server would also be necessary from all the request . As for DNS
According to their FAQ, it allows self-signed certificates to be trusted, because the trust chain can be traced to the registration of the domain.
DNS has an additional feature that allows you to verify TLS certificates by storing a hash of your ‘SubjectPublicKeyInfo’. This means that there is now a P2P way to trust self-signed certificates, as long as they have a valid DNSSEC trust chain set up. Anyone can set up a valid trust chain without having to ask anyone’s permission to do so.
https://handshake.org/faq [handshake.org]
> as long as they have a valid DNSSEC trust chain set up.
DNSSEC, in turn, requires trusting Verisign, for . Com, and whichever root. You’ve only added more points of failure.
Since Windows has only a stub resolver, you also have to trust the WiFi and the ISP.
It’s turtles all the way down.
DNSSEC, in turn, requires trusting Verisign, for . Com, and whichever root.
Not on Handshake – it would require trusting Handshake’s blockchain proof of work.
Since Windows has only a stub resolver, you also have to trust the WiFi and the ISP.
What part of this would use the OS built-in resolver?
> Not on Handshake – it would require trusting Handshake’s blockchain proof of work.
How, precisely, do you think proof of work proves that I am (or am not) a representative of Microsoft?
The only thing the blockchain can prove is *when* I said “I am the security admin for Microsoft”. It cannot prove whether that statement is true, only that I made the statement.
Just like any DV validated SSL cert, it only proves that the keys were generated by the entity that also registered the domain. Except the organization can easily revoke by generating a new key and issuing new certs.
And the only thing that matters for SSL certificates is that you’re connecting to that same entity. Anything else is a problem to solve elsewhere.
- by DarkOx ( 621550 )
DNSSEC could replace domain validated certs. DNSSEC is enough to ensure the integrity of DNS records you get.
Yes someone could still muck with routing/ARP etc and intercept your traffic. The answer to that is to also put the servers public key in DNS records of some sort, maybe TXT maybe something new. You can know that is really the public key put their by whoever signed the zone and you can know your connection to the server is not being MITMed either because it will have the private key to produces me
> Yes someone could still muck with routing/arp etc and intercept your traffic.
Including your DNS traffic!
> The answer to that is to also put the servers public key in DNS records of some sort. You can know that is really the public key put their by whoever signed the zone
[Continued in the next post because Slashdot’s lameness filter sucks.]
What you would know then is that whoever sent you dns answers provided that public key. That only proves that the person who mitm the dns is the person who mitm> This will tell you at least as much as domain validated only certificate does; which (though I disagree) the rest of the internet world has settled on being “good enough”
Indeed, what the cheapest, lowest-trust certs (class 1) tell you isn’t sufficient. The proposal above is even less useful. A class 1 cert says that the person who created that cert controls the DNS responses Verisign gets from their on-premises root servers. Without Vsign, you know only that the person who created the cert controls th
But wait, there’s more. Suppose I can somehow get a fake cert. In order for that to be useful, most likely I’ll redirect you to the bogus site by sending you bogus dns responses. If it’s a dns TXT record that vouches for the cert, sending you bogus dns replies allows me to BOTH redirect you *and* send you a bogus cert.
If the certificate authority signs the cert, I have to trick both the CA *and* you, on two different networks.
How is this suppose to end DNS?
Fine we get a blockchain key, all fine and good… But am I going to remember Google is FE8ABCCD391299FE and Slashdot is EF44656ABD43ABD3
It will seem that shortly this will be become too unwieldy and will need some sort of Domain Name System to help Map the Block Chain Key with a common name that we can easily remember.How is this suppose to end DNS? Fine we get a blockchain key, all fine and good… But am I going to remember Google is FE8ABCCD391299FE and Slashdot is EF44656ABD43ABD3 It will seem that shortly this will be become too unwieldy and will need some sort of Domain Name System to help Map the Block Chain Key with a common name that we can easily remember.
The current system is a bit more complicated than that. The busiest host names (such as www.google.com) have multiple computers answering to that name. When I resolve www.google.com it may be different than when you resolve google.com. Then we have the mess of both ipv4 and ipv6 in the wild, so we have addresses based on which protocol version you use.
- Ah yes, blockchain. So DNS requests can take days, instead of miliseconds.
- @anonymous > ’nuff said.
blockchain, cloud, devops, agile
- Namecoin [namecoin.org]
IP v6.
Using bitcoins blockchain? (Score:5, Informative)
by Viol8 ( 599362 ) on Thursday June 06, 2019 @06:06AM (#58717934) HomepageDoes that mean it’ll take 30 mins to do a lookup then?
Joking aside, no one having control might sound good but in reality it could mean chaos and an inability to rectify mistakes easily if at all. If someone grabs your address when youforget to renew after it expires (and how will expiration work?) how will you get it back from them if its all distributed?
- How do you determine if somebody is running a service on it?
> If someone grabs your address when youforget to renew after it expires how will you get it back from them if its all distributed?
Easy, you don’t. Code is law, at least on real blockchains…
It’s even worse…
30 mins at the least to register a name and it will cost eventually 100x more time and effort than doing it via ICANN. Store of Value? F*ck BitCoin.
That said I remember since roughly 2010-2011 various projects tackled dns blockchain idea. The earliest one I can remember is Namecoin and it’s still alive and no body uses, just like every other project.
So look seriously – p2p implementation of blockchain is fine technology itself, however it’s utterly useless without users, so forget about it
- by jythie ( 914043 )Yeah, I suspect they person is thinking in terms of economic potential here… everyone has to pay to do lookups, miners get paid for validating.. microtransactions for all!
It’s a bit worse then that. DNS was designed to be stateless for a reason.. You don’t necessarily want perpetual attestation for example when you’re testing an application. Though the author means well, their assumptions are a bit far fetched. Even the summary is misleading:
See that little padlock icon in your browser bar, to the left of the domain name? That means your computer has verified that your connection to this website is encrypted and that the site is authentic, not a fake one designed by a criminal trying to steal your login credentials
It does no such thing. It merely confirms the _certificate_ is indeed legit but does nothing to say the endpoint hasn’t been compromised nor anything (lawful or otherwise), in between. That is pretty critical since the proposed s
The summary is misleading. But the FAQ on the project web site is a little more clear:
DNS has an additional feature that allows you to verify TLS certificates by storing a hash of your ‘SubjectPublicKeyInfo’. This means that there is now a P2P way to trust self-signed certificates, as long as they have a valid DNSSEC trust chain set up. Anyone can set up a valid trust chain without having to ask anyone’s permission to do so.
Re:Using bitcoins blockchain? (Score:4, Interesting)
by gbjbaanb ( 229885 ) on Thursday June 06, 2019 @07:02AM (#58718078)How much memory does your browser use today? Well soon it’ll need an extra few gig just to store its DNS lookups!
Or, I know, we can offset that by moving the blockchain ledger to anorther server and letting your broswer do a lookup via an API request, and maybe we could then put older parts of the blockchain on different servers and…. oh…
Re:Using bitcoins blockchain? (Score:4, Interesting)
by Jason Levine ( 196982 ) on Thursday June 06, 2019 @08:30AM (#58718302) HomepagePlus, as long as you’re using words to describe websites, you’ll need some way of dealing with multiple sites wanting the same word. What will happen if Widgets, Inc. wants people to get to their site when “widget” is typed, but Wholesome Widgets wants the same? Do they both get the name and it’s a toss up whose site you get to? Does one person get the name? Who decides who gets it? What happens if Evil Scammer grabs the name first and one (or both) of the valid companies is trying to get it back?
how will expiration work
Why do domains expire anyway? Is it just a money grab by the companies?
.
- by jythie ( 914043 )People die or lose interest, companies go out of business, clubs and institutions vanish. Expiration provides a mechanism for entries to return to the common pool if no one is using them as a default rather than someone having to take explicit action to do so.
Re:DNS is not perfect, but…. (Score:5, Informative)
by Calydor ( 739835 ) on Thursday June 06, 2019 @06:49AM (#58718046)Also note that he isn’t actually going to rearrange the IP system. DNS is effectively a GUI for IPv4/6, creating an easy-to-remember alias for an essentially random string of numbers. But if you know those numbers you can STILL access that particular site no matter how corrupted the DNS system becomes.
Unfortunately, name-based hosting means that in order to access a site this way you’ll at least have to simulate (with hostfiles, a local DNS server or whatever) DNS pointing to the site you want to go to, because the HTTP and HTTPS schemes don’t allow you to stipulate both the name and the IP address at the same time.
Re:DNS is not perfect, but…. (Score:5, Informative)
by lucasnate1 ( 4682951 ) on Thursday June 06, 2019 @07:17AM (#58718106) HomepageThis is not exactly correct since it is possible for different sites to have the same IP and use the host field in the HTTP request to know which site to serve.
Re:DNS is not perfect, but…. (Score:5, Informative)
As well as the same site having different IPs for loadbalancing reasons, so all people can visit the website, not just a few. (Or receive email or do whatever the sever is configured to do.)
- by Kokuyo ( 549451 )
Just none of the hyperlinks are going to work…
Unless you link to the IP, which can be a thing.
- by thegarbz ( 1787294 ) on Thursday June 06, 2019 @06:22AM (#58717968)
For a moment I thought it was being serious but then right there in the summary it says that this is all a silly April Fools joke:
“The system would be based on blockchain technology”This is one of the things for which a blockchain with a distributed authentication mechanism (the latter being the important aspect, not the blockchain) is the right data structure and algorithm. People pitch blockchains for applications which don’t really need trustless ledgers, but that’s exactly what DNS and certificates need.
However, putting it all in a blockchain, a separate one even, is not a good approach. They should create top level domains that are anchored in a blockchain, but are otherwise struc
New? … How is this different from Namecoin? (Score:5, Interesting)
by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Thursday June 06, 2019 @06:22AM (#58717972)How is this different from Namecoin [namecoin.org]?
That’s an honest question. What does this solve that Namecoin doesn’t?
- by jythie ( 914043 )It solves the authoring wanting to design their own thing rather than someone else? Designing new stuff is fun!
That’s an honest question. What does this solve that Namecoin doesn’t?
NIH.
*I* know what MINE does, it’s obvious. I can’t figure out what YOURS does, it’s so confusing. So I solved the problem… (for me and the ENTIRE WORLD. Or at least the former.) Ob pic [xkcd.com]
Since we skipped over DNSSEC and went straight to Buzzword Blockchain Plaid, why don’t we start talking about IPv9 migration too.
DNS needs some securing. We’ve known this for literally decades now. Enhancing host files with encryption seems like a dumb way to do it.
I think you missed the entire concept. This is about decentralizing *who* decides who owns what name. Essentially those who value a name most get it. Yep…it is supply/demand at its worst (or best), but I think it might be better than having ICANN or some other organization arbitrarily decide who gets to own XXXXX.amazon.
DNSSEC is about preventing certain attacks such as DNS cache poisoning, but it still depends on someone deciding who gets a particular DNS address. It will prevent people from doing “
I think you missed the entire concept. This is about decentralizing *who* decides who owns what name. Essentially those who value a name most get it. Yep…it is supply/demand at its worst (or best), but I think it might be better than having ICANN or some other organization arbitrarily decide who gets to own XXXXX.amazon.
I can’t think of a more dangerous and idiotic concept. It’s like people never learn. Always the tech heads who think they are being clever with protocol design and “new” ideas while completely ignoring governance. Here ignorance is deliberately explicit.
Look at me. I run a criminal enterprise and I own a botnet
As for Arbit
Or Tor, which uses a DHT, with extra CPU requirements I assume.
- by richy freeway ( 623503 ) on Thursday June 06, 2019 @06:35AM (#58718012)
“Handshake wants to decentralize it by creating an alternative naming system that nobody uses”
All they need to do is convince the major browsers (Chrome, Firefox, MSIE, Safari) to resolve with the Handshake blockchain before the current DNS and then EVERYBODY will use it. Or get some of the major DNS servers to put there Handshake process on UDP53.
While getting a browser extension downloaded to every browser is certainly a daunting task, this should not be about convincing the individual users…a few select entities can be the critical mass to jumpstart this. While DNS is used for a lot of things
maybe the first time i was actually thinking; this looks like an interesting and useful implementation of blockchain.
I went to https://letsencrypt.org/ [letsencrypt.org] and go a free thingy that will show you a nice lock. I di not need to show any ID, I just follow the howto and I use it on a dynamic IP.
A person could (potentially) let my domain point to his server, follow the steps on letsencrypt.org and be a happy camper with my domain. Scripting the whole thing is trivial.
- by DarkOx ( 621550 )
In my view LE has a been a disaster for security. Not that a lot of the other CAs were not running around selling domain validated only certs just so they could create the EV cert racket but LE has basically removed even the potential one might be able to follow the money back to who paid for the cert in the case of a malicious actor. Now than of course someone could have used a prepaid card etc; but the browser/OS/etc vendors should have the CAs to a standard of at least not accepting those things as wel
- I also agree that Google and others are wrong in hiding the location bar. Pain the in butt to copy and paste when you didn’t want the protocol in the clipboard, but you can’t not select it.
However I don’t agree with this, at least not completely but generally I see the point:
The biggest issue IMHO is that LE will sign anything
Which in a way the next sentence almost goes with my opinion:
Because all the cert really says is that yes you are connected to the machine that really is slsshdot.org not anything
- by Nikademus ( 631739 ) *
but it’s almost the worst way to achieve it.
This is the opposite of the problem. (Score:5, Interesting)
by sg_oneill ( 159032 ) on Thursday June 06, 2019 @07:44AM (#58718188)The problem with DNS is that it isn’t well regulated. The main
The DNS registrars should have been insisting on proper company registrations and policing squatters and preventing third party reregistration for at least a few months. Blockchain cant solve this. Only good dnssec and legislation egislation can
Certs are different. The problem is the resgistration cartels charging silly money. Lets Encrypt has gone some way to fix that, but even fixing the problem of stolen certs its still not clear how t tell if the legitimately signed site is, well legit. This should be replaced with a web of trust concept. Let Visa and Mastercard sign sites that process cards. Let the AMA or the Royal college of surgeon sign medical sites. Let the Govt sign govt sites. If I want to start my own network of sites, let me sign them
And then the browser user can decide if they trust the banks, or the govt, or the doctors or if they trust me, or whatever. And if they dont trust them, then great, dont trust the site and present the browser owners some options on what to do next. No more cert cartels, and the people certifying sites are the people with the expertise in the area. Web of trust.
Wish I had mod points for you today.
- by t0rkm3 ( 666910 )
I think you mean: Abusing power because their actual pay masters require it. Not the silly voters.
“That’s less than 0.004% of all possible 8 character domain names, for example. There’s plenty of room.”
The abundant availability of domains like “ds1c8t5y.com” and “nuk98w7j.com” is not really a meaningful metric.
the naming system itself can provide the guarantee that the site you’re connected to is real
No it can’t, it can maybe guarantee others have vouched for your reality but as we see in politics, that doesn’t mean much in regards something being a fact/reality.
It’s a permanent registration system so if I own BankofAmerica first, I can pretend to be BoA regardless of whether the rest of the world agrees with me unless you want a system where names can be arbitrarily removed and changed by some minority consensus
Blockchain based? (Score:4, Funny)
by Parker Lewis ( 999165 ) on Thursday June 06, 2019 @07:58AM (#58718222)A DNS based in a blockchain implementation? You know what does it mean? We’ll never see a real product!Blockchain is a ledger it is not magic (Score:4, Interesting)
> if one [cert authority] gets breached, and an attacker can start issuing fake certificates… But if website names are managed on a tamper-resistant blockchain…
How is issuing unauthorized but valid certs any different than publishing unauthorized but valid blockchain events?
and how much of the entire ledger does every participant have to keep on their workstation ? Just the tip? How much bandwidth will be consumed by my constant downloading of new blocks as people publish new updates? Blocks that hold records I will never, ever use in requests but I will need to validate sequential blocks that might have the answers I need. If I don’t want to have a constant drain on my bandwidth, then I’m trusting someone else to hold the ledger for me, and I’m not significantly better-off than I was with DNS.
This would still be vulnerable to the 51% attack.
Could a widespread botnet take this over? Or a large country like China?Nothing on the Internet is 100% secure. If there are enough machines worldwide working on this blockchain then a 51% attack would be difficult to achieve. But it’s a big ask.
Also, do you really want your phone, laptop, and/or router working on this in order to keep it secure, and thus using up battery power and electricity?
the DNS system is all those things that the pseudo arguments of this solution in search of a problem pretends to do…
I have been a strong supporter of “Internet 3” for years and part of that goal is to eliminate government and corporate control over people including DNS.
The goal of this is noble which is to take control away from government(s) and the corporations. A blockchain could be utilized in some way, but this still isn’t good enough, there has to be a mechanism so that NSA and all their computers can’t in effect re-“fork” it and seize control over domains. Ideally we need a mechanism that doesn’t even depend on a
CRC is not useful for data integrity. If I assume 32 bits, you can choose any 4 bytes to modify, choose value for 2 if not 3, and calculate the other 1 or 2 bytes to get a valid CRC32. Multiply by 2 for 64 bits.
I assume you meant some sort of cryptographically secure hash.
Crc 32, most common in zip files, is decent at detecting file damage, but that is not data integrity.
The summary is pure word salad. There might be something useful here but the summary does not motivate me to read it.
The part about replacing certificates is especially amusing. One way or another, you need to have some authority certifying that such as such site is “valid”. Magical blockchain fairy dust will not change that.
Not how a website “gets its name”.
Remember, this was probably written for an audience that invests in blockchain projects.
In other words, a DNS resolve will take somewhere between a couple hours to a couple days, but at least you can be sure that your provider will not block the latest ransomware trojan trying to resolve fuewfhwe34hjerkjasdfdaiofasd.cn.
Blockchain! Synergy! Paradigm shift!
What a load of horse shit.
-Miser
- If you require such a system, that forces some embedded electronics products to have an order of magnitude more resources (RAM, ROM, MHz). And, now that I think of it, this would “waste” more electricity on EVERY computing device, forever going forward, that would perform such a look-up. It’s the same complaint I have about Google insisting that all websites (like weather forecasts?) be encrypted.
- Lots of people come up with new ideas to replace SMTP, DNS, HTTP, etc. The bottom line is that if it requires everybody to move to a new system, it’s DOA. It MUST be compatible with current DNS.
- Well, there is already DNS over HTTPS whic is stealthily implemented in browsers. It has DNS behind it, but could potentially query any database.
We have had to block it, as it breaks our internal blacklist.
- It cannot work, unless the blockchain is supported by a support vector machine controlled by a multilevel neural network that navigates through a random forest of virtual machines, whose purpose is to fuel the multi-level marketing resellers who offer this crap^H^H^H^Hadvanced technologies to very competent investors.
…and no-one can ever take it off me
I’m often amazed by what Slashdot story summaries choose to define and what they don’t. Name for Linux distribution specific to tracking frogs? Everybody knows FTINUX. Fundamental internet protocol? Better define that one.
With the proliferation of TLDs, you can’t be sure a domain name takes you to where you want to go. For instance, up until recently dicks.com [slashdot.org] took you to a porn site instead of a sporting goods store.
Everyone already does a search on their favorite search engine, even if they are reasonably sure they know the domain name. This prevents typo-squatting and obscure urls from being a problem.
- by holophrastic ( 221104 ) on Thursday June 06, 2019 @10:15AM (#58718776)
“Decentralized authorities” are one of those terms that people have forgotten a lot about. They used to be everywhere, and civilization determined them to be horrendously evil, and hence centralized systems emerged instead.
Great, so you’ve covered DNS (which works just fine), and you’ve covered SSL Certificates (a system that’s more broken than any I’ve ever encountered).
Now, when an authorized site is suddenly determined to be run by criminals, how do we shut it down? How do we remove it from handshake? You have an answer? That’s great!
Now, how do we stop criminals from shutting down legitimate sites?
Those two sides of the same problem are possibly the reason that centralized systems are necessary. It’s a feedback loop that never ends.
Now, criminals shut down a legitimate site, how do we bring it back?
Oops, it actually wasn’t legitimate, take it down again!
Okay, they’ve paid the fine and fixed the problem, and it wasn’t their fault to begin with, put it back up.A central authority makes all of that possible, and potentially very easy and very expedient. Tell me how your decentralized authority handles repeated challenges to legitimacy.
It’s the wild wild west all over again. That’s why we took power away from sheriffs, and gave it to courtrooms.
Handshake aims to become another reputation-based system suffering from yet another mob mentality.
So as a User I select which name translation method I want to use in the browser, for sites I visit, or some combination to potentially expose a problem to alert me to be cautious of a site or expose censorship. Two ways of checking viability of site if so determined need to?
- one who controls 51% owns everything? how does it work with 1% owning 80% of assets?
If you want your own “ledger” there’s nothing stopping you from keeping your own DNS list now.
- Or your own DNS server, Saves you the hassle of distributing files.
The primary issues with DNS are ICANN and piss poor protocol design.
Lets fix that not ignore all responsibility and mistake total anarchy for progress.
The DNS is already distributed. You can run your own server if you want, and you can even change slashdot.org to hellokitty.com on your own server if you want to. You can even make that public and tell people to point their DNS clients to your server. It just turns out that there’s almost no demand for that, except maybe for the occasional hack just for grins and giggles. Having an alternative DNS that requires us to bring a new nuclear plant online for “the power of blockchains” should fail hard.
- Precisely.
Interesting how many who do not quite understand how DNS works…
But if website names are managed on a tamper-resistant blockchain
OK, if it is ‘tamper-resistant’, then how do you make changes and edits? If Bob wants to say bob.com is at 1.1.1.1, but Bobby ALSO wants to have bob.com point to 1.1.1.2… who is correct? Who controls this?
- There is already DNS over HTTPS which is creating security issues.Do we need another protocol to create more?
Also: With a lack of implementation of the available security meaures in DNS, the world is definitely not ready for the massive work needed for another name resolution protocol.
As any new name resolution technology will need a fallback to classic DNS anyway, the adoption will be worse than IPv6.
There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.
Related Links Top of the: day, week, month.
- 1044 commentsGovernment Shutdown: TLS Certificates Not Renewed, Many Websites Are Down
- 1022 comments‘Universal Basic Income Doesn’t Work’
- 898 commentsWhite House Says Anonymous ‘Coward’ Behind New York Times Op-Ed Should Resign
- 782 commentsCalifornia May Become First State To Require Companies To Have Women On Their Boards
- 679 commentsBernie Sanders Introduces ‘Stop BEZOS’ Bill To Tax Amazon For Underpaying Workers
Slashdot Top Deals
- Get more comments
- 100 of 153 loaded
Mausoleum: The final and funniest folly of the rich. — Ambrose Bierce
