
The Internet Is Controlled by 14 People Who Hold 7 Secret Keys - Yuval_Halevi
https://www.businessinsider.in/The-Internet-Is-Actually-Controlled-By-14-People-Who-Hold-7-Secret-Keys/articleshow/31232908.cms
======
theamk
Um.. no? Those are DNSSEC keys, so they do not really matter. AFAIK, no one is
using DANE yet, so what’s the worst that someone with access to those keys could do?
Modify unencrypted traffic? Cause DoS attacks? This can be done without the
keys already.

------
tptacek
Well, allow me to retort.

[https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con...](https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-control-the-internet/)

------
rasengan
Blockchain technology, and in other words, a distributed, decentralized record
store shared across multiple participants, is the perfect technology to
disrupt the heavy centralization of naming.

This is one of the few places the use of a blockchain will shine.

~~~
theamk
I highly doubt it. We’d still have a dispute process and law mandated domain
transfers, so there would need to be a centralized regulator. The transparency
is nice, but you do not need full blockchain for this - something like SSL’s
Certificate Transparency would work much better.

------
EGreg
It’s time to move away from relying on DNS which is a glorified federated
search engine for hostnames.

Just use non human readable names, like magnet links and Kademlia distributed
hash tables for example.

If you really need a search engine to map something to these names, then share
THAT magnet link(s) with them. Why have a monopoly on DNS?

~~~
octosphere
> Why have a monopoly on DNS?

Because for now it's the only mechanism that we all use to do lookups. Magnet
links are too tedious to give out over the phone - domain names are catchy and
memorable and can be easily said over the phone. This is why people brute
force Tor .onion addresses to something memorable, like Facebook's .onion
[https://facebookcorewwwi.onion/](https://facebookcorewwwi.onion/). And I
suspect if you start using magnet links that people will find a way to make
them memorable too.

~~~
EGreg
Let’s look at those reasons.

We will have a monopoly on X because that’s what we all use and that’s how
we’ve always done it. No alternatives are needed.

- Well does that reason work well in any other area of life?

“Too tedious to give over the phone” - usually you give a business card or
email a link or SMS a link. And all you can give over the phone is

      An easy to pronounce domain name
      With no ambiguities
      With a common tld

And even then, ALL you can do is give out the homepage. Any other resource
deeper on your site — and you don’t use your phone do you?

Do you use the phone to give out the URL of an article on nytime.com or video
you posted on youtube? Thus the VAST MAJORITY of links you don’t give out on
the phone.

If you DO want to give something out on the phone then people can just google
for it. Or use another search engine.

DNS is literally the search engine with the least features. Google lets
you find any resource within your site, and even lets you misspell stuff. How
is that not strictly better?

To summarize:

ICANN monopoly is replaced with search engines, which do far more than find
your homepage from an exactly spelled domain

Magnet links can be memorable via search engines

Links are usually NOT to the homepage and are not really human dictated anyway
(eg youtube)

Tunnelling an internet resource address through a phone conversation is pretty
bad anyway, but better to allow innovation in it like search engines or just
text the link afterwards (as most people do)

Links are usually replaced with nice-looking thumbnails and titles in UI

In Javascript and other languages, it’s no big deal to hold magnet links in
variables.

~~~
theamk
There is a second way to look at DNS: together with CA system, it proves the
website identity. When an email sends me to payment page, I look at address to
confirm: yep, it says “hsbc.com”, I can enter my financial details there. Or:
It says “ubuntu.com”, I can download software from there.

For that to work, there needs to be a single registry, with human mediators
and subject to legal process. I want to know that even if a company loses
control of their private key (like microsoft.com did once), the situation will
still be resolved very fast.

Note that strictly speaking, this is about CA system, not about DNS. But those
systems are deeply linked to each other, so it makes no sense to replace one
while keeping the other one around.

~~~
EGreg
That doesn’t seem to follow, in fact it just may be dangerous:

[https://www.fourmilab.ch/documents/digital-imprimatur/](https://www.fourmilab.ch/documents/digital-imprimatur/)

Proving to X that you’re Y doesn’t have to involve a monopoly either. Who says
someone can’t bribe Google Places or a CA and say that a domain matches a
restaurant. How do they reliably check millions of businesses anyway? Don’t we
rely on lots of third parties, network effects and our own experience anyway?

In short, X could use stuff like Verified Claims by Z to find out facts about
Y. The collection of those facts make up its identity to X. None of this needs
a centralized database.

[https://www.w3.org/TR/verifiable-claims-use-cases/](https://www.w3.org/TR/verifiable-claims-use-cases/)

When you lose control of a private key for your stuff, the solution isn’t to
run to some daddy corporation which also has it and could impersonate you the
whole time. You can have eg Shamir Secret Sharing with 5 other people. You
could have part of a backup key derived from a known passphrase or biometrics.
And so on.

~~~
octosphere
Glad you mentioned Network Effects[0]. I forgot to mention that in my original
comment. So yeah; that's why DNS is popular & centralized; the more people
that use the network, the more valuable the network.

[0] [https://en.wikipedia.org/wiki/Network_effect](https://en.wikipedia.org/wiki/Network_effect)

