
Decentralized Naming and Certificate Authority - LinuxBender
https://handshake.org/
======
danShumway
I know the handshake devs/maintainers are active on here. I've heard
explanations from y'all about how handshake tries to solve the squatter
problem. As far as I understand those explanations:

\- Names are released at a trickle, meaning no one can buy all of them in one
go.

\- Names have to be constantly renewed (it's not a buy-once-keep-forever
scheme), and (correct me if I'm wrong), you can't buy 10 years out in advance.

\- A large portion of the initial names are reserved for Open Source
developers, under the assumption that squatting won't be so much of a problem
if they get first pick.

It's still not clear to me how this solves resource scarcity.

\- If names are released at a trickle, does this mean I might want to register
a domain for a project and there literally won't be any available for me to
choose from?

\- If names have to be renewed on a year-by-year basis, is there any mechanism
for archival? Won't this be strictly worse for link rot?

\- If names are released at a trickle, doesn't this create an even greater
incentive for both good and bad actors to grab them as soon as they become
available?

I'm mildly interested in Handshake because based on very limited research it
seems in general to be an improvement over what we have. I get that perfect is
the enemy of the good, I would take almost any improvement over the existing
system. But at the same time, I still just don't understand how this helps
solve the squatter problem -- every once in a while I ask and get an
explanation, and then think about it for a while and end up having more
questions.

My perspective is, we want everyone to be online. We want everyone to have
their own blog, we want people to be able to create websites on impulse. And
we want resilient, long-term links that can serve as permanent addresses for
content. The idea of combating squatters is based on the assumption that
domain names will continue to be a scarce resource. But you fundamentally
_can't_ have domains be a limited resource that are difficult to hoard if you
also want random/poor elementary school kids to be able to buy them.

Handshake talks about solving Zooko's triangle: human-meaningful,
decentralized, or secure. But the way I originally heard Zooko's triangle
explained to me (which may have been wrong) was: human-meaningful, secure,
high-availability. Am I correct in assuming that in the second version,
Handshake is optimized for human-meaningful and secure at the expense of high-
availability? That domains will continue to be a limited, scarce resource that
are susceptible to hoarding by people with lots of money? Or are there other
mechanisms here that I don't understand?

~~~
troquerre
\- Names are released over the course of 52 weeks. Determined by hash(name) %
52. So at worst the name you want to register will not be available until ~51
weeks from now (Handshake launched last week!).

\- Names have to be renewed bi-annually. You don't need to pay a fee, you just
need to submit a transaction to prove you still have access to the private key.
I don't think this will be any different than the existing DNS in terms of link
rot.

\- I think the main thing names being released over time does is it allows for
more people to find out about Handshake and start competing for the good names
before they're gone. In an ideal world, everyone would know about Handshake at
the same time, and so any name that is registered has the maximum competition
for it. That world is not feasible but we can get closer to it by releasing
names over time.

\- I've only heard Zooko's triangle described in the first way, which matches
the wikipedia article on it
[https://en.wikipedia.org/wiki/Zooko%27s_triangle](https://en.wikipedia.org/wiki/Zooko%27s_triangle)

Disclaimer: I'm the ceo of Namebase.io, we built a registrar for Handshake
domains and exchange for Handshake coins (HNS), so I'm pretty bullish on
Handshake.

~~~
danShumway
If I'm understanding you, the 52 week release is a one time thing, not a
continual thing? So it's not that names will be continually trickle-released
it's that for the next 52 (51) weeks, they'll be trickle-released, and then
everything will be out there and this will work just like normal domain
registration? I was under the impression that the trickle release was just how
registration would work in general.

That doesn't seem to me at first glance like it's going to be that much of an
improvement over squatting, but again, I get that there are multiple goals
here worth accomplishing. And it is a much simpler system than needing to go
into a queue to register a domain.

Just to make sure I understand -- am I correct in saying that Handshake is not
designed to solve domain name scarcity, more to decentralize it so that an
organization like ICANN can't rent-seek on top of that scarcity?

~~~
rasengan
Additionally to combat squatting, to register a name, one needs to go through a
Vickrey auction and bid on a name after it is released. Bidding continues for
about 5 days thereafter and there are 10 days to reveal the bids.

The winner pays the second highest bid.

~~~
danShumway
Wait, what?

That seems like it could have a _lot_ of unintended consequences, to the point
of invalidating all of the benefits from having tons and tons of new names. I
have a lot of follow-up questions about the potential for abuse.

From the squatter/troll angle: if I'm a troll or I'm trying to steal good
names before anyone else can get them, what stops me from monitoring the
current auctions and stealing domains by bidding above the statistically most
likely market price for that domain? Users have to _guess_ in advance how much
a domain will cost?

From the decentralized, anti-corporate angle: if I'm Comcast, what stops me
from monitoring the current auctions, and blocking anyone who tries to
register any variant of `comcastsucks`? With the current system, that's
prohibitively expensive since there are tons of variations that I'd need to
preemptively register. With the system you're describing, it costs me nothing
until someone tries to register a domain that triggers my Regex, and then I
just outbid them and block any domain that criticizes me, because as a company
I'll always be able to trivially and safely outbid any single person.

From a general user angle: does this mean I have to wait 5 days to register a
new domain? With the current system, I can set up a brand new website in a
single evening, and all I need to do is find a name that isn't taken yet -- I
don't have to worry someone else will see what I'm doing and snipe my
purchase. With the system you're describing, I have to wait 5 days to discover
whether or not I'm actually going to be able to buy the domain I want at all,
and if I don't get it, then I need to repeat the entire process?

I have so many questions about this system now. There _has_ to be something
you're leaving out here. I can't imagine using a DNS registrar that made me
wait 5 days to discover whether or not I got to have the domain, or that made
me guess how much it would cost at the risk of losing the entire domain. If
there aren't other details you're leaving out, that's a strictly worse system
than what we have right now.

~~~
troquerre
The auctions are semi-blind. You bid, and can optionally add a blind to your
bid. The network sees your combined total bid + blind, but won't know your
true bid value until the reveal period. So if you want to guarantee you win an
auction, just make sure your bid is greater than the highest existing total.

~~~
danShumway
> if you want to guarantee you win an auction, just make sure your bid is
> greater than the highest existing total.

How do I do that if other people's bids can contain blinds? How do I know what
the highest existing total is -- I still have to guess everyone else's total,
right?

And even if the auction wasn't partially sealed, even if it was completely
public -- I don't see how my concerns above would go away. Isn't it still
possible for companies who can trivially outspend anyone else to do regex
matches on all of the current auctions and dominate the entire domain space?
Don't I still need to wait 5 days to do something that I can do today in less
than an hour?

Learning about auctions pretty much entirely, just by itself, took me from
thinking, "it's not perfect, but it still seems almost universally better than
what we have" to, "no, this would be a massive downgrade from our current
system." I thought the point was to stop rent-seeking, not to implicitly allow
every fortune 500 company and government to personally vet/block every single
domain transaction.

The auction system being described here doesn't just focus on other problems
other than name scarcity, it makes the name scarcity problem _way worse_. If
I'm China and I want to censor this system, what stops me from monitoring the
auctions and throwing a measly $2000 at any domain name that sounds critical
of me in any way? What's the point of having a distributed or decentralized
protocol in that scenario?

~~~
hpfr
> How do I do that if other people's bids can contain blinds?

You're right, you can't. I'm not sure what "just make sure your bid is greater
than the highest existing total" means when blinds are in the mix.

> If I'm China and I want to censor this system, what stops me from monitoring
> the auctions and throwing a measly $2000 at any domain name that sounds
> critical of me in any way?

Nothing, but there are quite a few(TM) domain names. Everything that isn't an
ICANN TLD (or a future ICANN TLD, I guess--not sure how that would work) is
available. I don't think a government could reliably censor all objectionable
TLD's.

Furthermore, once you own a Handshake TLD, you become the registrar for that
TLD. So every subdomain is yours to sell, no auction necessary. So as long as
someone purchases some simple TLD and is willing to sell you some relevant
subdomain, you're good. It's not really necessary to have censorthis/; you can
just buy censorthis.sometld. Of course, then you do depend on the owner of
sometld as a registrar, but that's not very significant given the space of
TLD's available. It wouldn't be difficult to find a new registrar if something
happened.

~~~
danShumway
> Nothing, but there are quite a few(TM) domain names. Everything that isn't
> an ICANN TLD (or a future ICANN TLD, I guess--not sure how that would work)
> is available. I don't think a government could reliably censor all
> objectionable TLD's.

If I understand correctly (and maybe I don't), the domain being auctioned is
public. With the current system, a government can't censor everything because
doing so would require them to pre-emptively grab the entire space, which is
economically infeasible. With public auctions, my understanding is they only
need to pay attention to the domains someone actually tries to register. So if
I'm China, I don't need to preemptively register the entire space of
`/tiananmen/g`. I only need to download the list of auctions every day and run
a regex on that finite space.

Of course, they can't restrict subdomains, so maybe that allows people to
sneak stealth TLDs through without getting censored. But (see below) it seems
like actually owning TLDs is _really important_, so I still need to navigate
a space where every troll and every government and every fortune 500 company
is given the opportunity to snipe every TLD I want, and it seems like that's
at least an opportunity for wild price increases on TLDs.

> Of course, then you do depend on the owner of sometld as a registrar, but
> that's not very significant given the space of TLD's available. It wouldn't
> be difficult to find a new registrar if something happened.

Can you expand on this?

Right now, if I lose a .com domain, I can find a new registrar and set up a
different domain. But all of the links to my current domain will be broken,
and if I'm using that domain for email I'll have lost control of all the
emails being sent there, and I'll basically be starting over from scratch.

Part of the reason I've avoided "novelty" TLDs like `.tech`, `.party`,
`.amazon`, etc... in the current system is because many of them are completely
privatized. The owners of those TLDs can raise prices however they want, and
can kick anyone off for any reason. And if I'm tying my entire business or
(even worse) my entire online identity to one of those domains, that would be
catastrophic.

If a registrar behind a top level Handshake domain goes bad, is there a
mechanism where I can switch registrars and keep myself as a subdomain of the
original TLD? If not, won't I be in the same position?

The thing that's attractive to me about Handshake is owning TLDs -- being able
to own something that can't be arbitrarily taken away from me by a centralized
authority. Otherwise I haven't gained anything as a user over the current
system, I've just lost any regulatory price caps that might exist.

\----

I guess I can register an innocuous TLD like `danshumway`, hope the trolls
don't notice and outbid me, and then use it as a private TLD I control.
Realistically, to preserve privacy and avoid linking everything I do together
under a single identity, I'll likely want at least 4 or 5 TLDs, possibly more.
I don't think I'm atypical there. Anyone who's using a domain for their email
or an identity server will want to own that TLD. Is the system designed to
scale to that?

Direct question to the people behind Handshake: what do you expect the average
cost of a generic 2-3 word TLD to be? A while ago I registered the domain
`animalsareignorant.com` for a personal art project I'm still working on. It
costs $10 a year. Are we expecting a TLD like `animalsareignorant` to cost
$100? $1000? A million? I assume you've done market research on this and
you're not just jumping in blind.

This isn't a theoretical question. When (at this point, if) I ever start using
Handshake, at some point I'm going to register a TLD and you're going to ask
me how much I want to bid for that domain. So if you expect people like me to
be able to guess on the spot what the market value of a TLD is, you need to be
able to point to some kind of measure that will keep that guess from being a
purely blind shot in the dark.

~~~
Ajedi32
> With public auctions, my understanding is they only need to pay attention to
> the domains someone actually tries to register. So if I'm China, I don't
> need to preemptively register the entire space of `/tiananmen/g`. I only
> need to download the list of auctions every day and run a regex on that
> finite space.

Sure, but since it doesn't cost anything to lose a bid (I believe?) if anyone
tried that it'd be pretty easy to force them to spend a _lot_ of money buying
domains that they have no intention of using. It also wouldn't stop anyone
from registering `tiananmen.massacre`, as you noted.

------
mankyd
> mail became Gmail, usenet became reddit, blog replies became facebook and
> Medium, pingbacks became twitter, squid became Cloudflare, even gnutella
> became The Pirate Bay. Centralization exists because there is a need to
> manage spam, griefing, and sockpuppet/sybil attacks.

No, centralization exists because users don't care about the protocol. Users
care about the brand.

It's way easier to use FB than it is to say "choose your hosting provider.
Each one has a slightly different set of features. Then link with other people
you care about, all of whom may be using different providers that you need to
pay special attention to." With FB, I click "send a friend request" and then
move on with my day. And that's just one example.

~~~
iamnothere
> No, centralization exists because users don't care about the protocol. Users
> care about the brand.

Brand is a proxy for the level of functionality delivered by that brand.

People didn't switch to GMail because it was a "cool" brand, they switched
because the spam filtering worked, Google gives you a ton of free space (a
problem at the time), and it didn't have obtrusive banner ads. This was passed
on by word of mouth, and now GMail is popular.

> It's way easier to use FB than it is to say "choose your hosting provider.
> Each one has a slightly different set of features. Then link with other
> people you care about, all of whom may be using different providers that you
> need to pay special attention to." With FB, I click "send a friend request"
> and then move on with my day. And that's just one example.

Exactly my point, the UX is better and the network effect ensures that
many/most of your friends are already there. It's not about branding, it's
about ease of use.

~~~
unlinked_dll
> People didn't switch to GMail because it was a "cool" brand

In the early days of gmail when you needed an invite code, it _definitely_ was
a status symbol to have that @gmail.com on your email address.

And at the time, the actual functionality of gmail was far less significant
than the fact it was free and decoupled from your internet provider, although
you're right the storage capacity on a free email was unheard of at the time.

~~~
Sohcahtoa82
> And at the time, the actual functionality of gmail was far less significant
> than the fact it was free and decoupled from your internet provider

If that was the real draw, then people would have just stuck with Hotmail,
Yahoo, and the dozen other e-mail providers.

~~~
stubish
Hotmail and to a lesser extent Yahoo were perceived as toxic, due to spam
mostly. There is still a website I frequent which requests customers email to
be 'preferably not a @hotmail.com address'. All the other email providers were
either restricted (companies, universities, clubs/guilds etc.), poorly run, or
tied you to fees (ISP provided, paid email providers, AOL).

------
troquerre
Shameless plug - if anyone wants to try using Handshake, we built a registrar
for Handshake domains and an exchange for Handshake coins (HNS) at
[https://namebase.io](https://namebase.io). We just launched last week but
there's already been a lot of usage so it'll be interesting to see what people
do with their Handshake domains when they become available.

------
sfusato
Went through the FAQ's, but still didn't understand much about how this is
supposed to work alongside ICANN/current DNS system. Well, I didn't get
Bitcoin the first 2 times either.

1\. "Browsing the web with human readable names is what Internet users have
gotten acclimated to." => give me an example of a "handshake" domain name in
this case

2\. I have some domains/sites not so popular (not in the first 100k Alexa
domains). I will only hear about "Handshake" in 5 years time when Handshake
completely replaced what we are using today, by which time, someone else might
have "registered my domain names". What do I do? Obviously I can prove I own
my .com/.net.

The site failed to answer some basic questions/concerns or give some real world
use case scenarios.

~~~
xur17
> I have some domains/sites not so popular (not in the first 100k Alexa
> domains). I will only hear about "Handshake" in 5 years time when Handshake
> completely replaced what we are using today, by which time, someone else
> might have "registered my domain names". What do I do? Obviously I can prove
> I own my .com/.net.

This is one part that Handshake does not explain very well. The existing
domains and tlds that icann owns will continue to work moving forward. The top
100k Alexa domains bit works like this:

For the top 100k alexa domains, the owner receives the root of the domain as a
domain in Handshake (ex: the owner of `example.com` receives the domain
`example` in Handshake). All `*.com`, etc domains continue to operate as they
have in the past.

~~~
withinboredom
What happens if someone gets “amazing/“ and then I pay icann to get .amazing?

------
matt2000
Decentralized systems generally have pretty complicated governance models and
technology to support them, making it easy to get lost in the details. I've
found when trying to assess things like this it's best to find a critical
question and find out the details of the answer. For the case of decentralized
naming, one interesting question tends to be "What happens when someone
registers cocacola.com?"

Usually the answer to that question reveals whether the system is A) not in
fact decentralized, or B) not compatible with laws in most jurisdictions.

Anyway, not necessarily a specific critique of this system since I don't know
the answer to the question in this case. More just a useful framework I've
found to assess distributed systems without getting mired in execution
details.

~~~
troquerre
All the existing TLDs like .com and .net are blacklisted so that only the TLD
owners can register them. The claiming process for blacklisted TLDs uses
DNSSEC so there are no third parties involved in the process. In addition, the
top 100k Alexa domains are pre-registered so that only the domain owners can
register those domains as TLDs (only google.com can register .google). That is
done through DNSSEC as well.

~~~
xoa
This is useful info and should really, really be in the FAQ. Like, right at
the top, because I don't think it's clear right now at all what happens to
regular domain holders using them for email, their own services, intranets and
so forth. If those in the current registrar system have a _reliable_ path to
transition/try it out at some point that's a good start.

Edit to add: your namebase.io FAQ seems a lot more useful than the handshake
one. For starters it clarifies that there is a confusing terminology
difference, where I guess the handshake people are using "domain" to mean
"TLD" and "subdomain" to refer to what everyone typically calls a domain. So a
core offering of this system appears to be a blockchain based replacement to
the $150k+ (or whatever it is these days) "get your own arbitrary TLD" thing
ICANN did, "anyone" gets to register their own TLD. But that raises more
questions, like where the actual hardware behind all this goes particularly
for existing TLDs which are blacklisted.

~~~
LukeBMM
> This is useful info and should really, really be in the FAQ. Like, right at
> the top, because I don't think it's clear right now at all what happens to
> regular domain holders using them for email, their own services, intranets
> and so forth. If those in the current registrar system have a reliable path
> to transition/try it out at some point that's a good start.

Seconding this. I did not pick up on that at all.

------
aSplash0fDerp
Seeing how Internet 1.0 is getting cannibalized by big business and
governments, I'm hoping to see HS and other orgs start working on an offline
mesh network and devise a completely new system of information distribution.

Humanity appears to be changing the public park infrastructure of the Internet
into a paid-access theme park, with [them/someone else] writing the rules. It
doesn't look like the righteous, tech illiterates, political manipulators or
shareholder driven groups are going to relent.

The Internet used to be filled with raw data, but in the age of centralized,
walled garden curating, the essence of the information superhighway has been
lost.

It would be cool if they could pioneer a new way to replicate data in the age
of autonomous vehicles or use the Internet to transfer volumes of data for
offline nodes to broadcast and reimagine DNS and the other fundamental tools
to make something like that resilient.

If they could remove most/all of the ads, marketing, monetization and
censorship from the data, we might see another generation experience the raw
data bliss many of us were raised on in the pre-dot.com era.

It was truly something special and felt like the world (of knowledge) was at
your fingertips (instead of something slimy on the other end).

------
troquerre
PSA if you had over 15 followers on GitHub by August 2018 you were likely
included in the Handshake airdrop. Basically they developed a way to give each
dev in the airdrop 4662 coins each (worth a lot since current market price is
$0.50[1]). These instructions walk through what the claiming process is like,
which can only be done after block 2016 in a day or so
[https://namebase.io/airdrop](https://namebase.io/airdrop).

[1] [https://namebase.io](https://namebase.io)

~~~
stubish
Interesting they are soliciting personalities, rather than infrastructure,
sysadmins and others who might have more power to push Handshake. Leaves out a
lot of the Great Old Ones too, like say a big hunk of Debian and Ubuntu
developers. Or Firefox devs, who have a lot of power here. Lots of projects
predate Github. When I looked, I'm honestly surprised how many followers I
have there - why would you follow me personally? Rather than the projects? I
wouldn't follow me. Seems rather creepy.

Edit: I see elsewhere there have been cash drops to Debian, Arch and probably
some other projects. Which makes sense.

~~~
SkyMarshal
It’s not soliciting personalities but rather developers who have made things
useful to at least 15 other developers, at least on Github.

They also needed exposed public keys to airdrop to, which limited the airdrop
to Github and the WoT strong set.

~~~
tasuki
> who have made things useful to at least 15 other developers

Then why not look how many stars one's repos have? That seems a much better
metric to me.

A friend of mine has hundreds of stars on their repos but only 30 followers. I
have around a hundred stars on my repos but only 20 followers. Conversely,
I've seen people who are into networking, have a lot of GitHub followers, and
no meaningful repos at all.

------
jspaetzel
First impression: Great another ICO.

Second impression: Not a wildly outlandish idea but I'm not sure if it's a good
idea either. Decentralized and automated registrar with a concept of renewals.
Nifty.

I'm not really sure how the economics here work out. Could I scoop up a few
million names early on and then hold them forever? Has that already happened?
Could this enable anonymous registration? Would these things make users trust
these names more or less?

~~~
pinhead26
The project raised $10M and then gave 100% of it away to open source projects.
They receive some HNS tokens in return. There is a massive airdrop of coins to
hundreds of thousands of GitHub users, spreading out the money supply to
people who might be the most interested in using the system. In other words,
this is the least ICO-y new blockchain in a decade.

Names roll out over 52 weeks: HashName(name) % 52 = week number that a name is
available. So that should attenuate squatting. Also bidding on names locks up
coins for something like 2 weeks, so it's hard to bid on too many names.

~~~
jspaetzel
Well. That's a nice publicity stunt. Let's see how they get their investment
back. It's nice that this project does some good.
[https://github.com/handshake-org/hsd/blob/56c83ca7344def512e...](https://github.com/handshake-org/hsd/blob/56c83ca7344def512ef861f452bff91d43bc8f52/lib/protocol/consensus.js#L88)

So if I read this right

Creators get: 102mi coins

Sponsors get: 102mi coins

they are airdropping about 952mi coins to users on github to the tune of 4,246
per user.

So they're collecting about 20% of all coins initially dropped. That's
slightly more than some. And at the value listed on
[https://www.namebase.io/](https://www.namebase.io/) that adds up to some
102,000,000 * $0.44 = $44mi.

Ok, so it's not an ICO exactly, instead they raised VC funds which is
expecting a return by selling coins.

I've just spent a few minutes looking through the website, docs, and a little
code. And I have no idea how an end user will use these names. Everything
polished about it is for trading coins not real world usage. Sounds like every
other crypto coin.

~~~
SkyMarshal
_> how an end user will use these names_

It’s aimed at open source developers who will be able to figure out how to use
the system, not mainstream non-tech normies. As evidenced by the large airdrop
to Github.

~~~
jspaetzel
Most people who own domain names and run websites are mainstream non-tech
normies.

------
jimmysong
This has been tried. It's called Namecoin and it failed to get much traction.

I suspect that using Bitcoin instead would improve adoption dramatically
instead of creating yet another token. This can be done using sidechains or
something similar.

~~~
rglullis
ENS is running on top of ethereum just fine

~~~
tynes
I think ENS is queried more often in a different context than DNS, since many
people access it via JSON RPC over HTTP. The interface is an Ethereum
contract, although records could be cached in a DNS server if the server can
hit an Ethereum node upstream. The two projects feel pretty different for that
reason. Handshake could be accessed over DoH potentially.

------
the_snooze
Looks like this is similar to Namecoin?

[https://www.cs.princeton.edu/~arvindn/publications/namespace...](https://www.cs.princeton.edu/~arvindn/publications/namespaces.pdf)

~~~
SkyMarshal
Similar but attempts to solve some of the problems with it, like trademark
squatting and including an on-chain market for TLDs.

------
djsumdog
I don't see information on how names are handled. I know Zeronet started the
entire .bit (which can be purchased with NameCoin). Are there reserved TLDs
for handshake?

Has ICANN said anything about .bit or .onion TLDs? I suspect TOR is big enough
they won't touch .onion, but if they sell .bit, you'll then have some name
overlap/conflicts.

~~~
lifty
The handshake namespace overlaps with the normal domain name system, but they
reserve the top 100k domains for the current owners. My only concern is the
long term sync between DNS and the old system. But I like the project and I
think it’s a good way forward for replacing the current centralized DNS and
PKI system

~~~
pinhead26
I'd say it extends more than overlap: If a name is not found on the Handshake
chain, the resolver "falls back" to legacy ICANN DNS. Since all current gTLDs
are reserved as well as the top 100k, there won't be any overlap for a while.

~~~
lifty
That's great. I didn't know that all the gTLDs are blacklisted, I thought it
was only the first 100k. This should make the transition smoother.

------
dang
A thread from 2018:
[https://news.ycombinator.com/item?id=17673922](https://news.ycombinator.com/item?id=17673922)

------
josh2600
I am actually curious because I don't fully understand how Handshake works...
I believe it allows you to set up a K of N threshold signature scheme for
changing DNS, which is kinda cool, but I don't understand if this would help
BGP route hijacking.

Edit: I guess this is a replacement for ICANN not the inter-carrier routing
protocols, which is interesting. Is the point here that if DNS authorities
switch to Handshake for authoritative DNS it will be harder to hijack routes?
I would love an explanation, sorry if I'm being dense!!

~~~
pinhead26
It doesn't address BGP, just DNS. You are correct about the signature scheme
though. In fact, names are owned by unspent transaction outputs, exactly like
Bitcoin. Meaning you can own a name with whatever weird script you want (2 of
3 before a certain date, 4 of 5 after...) you can even add scripts that allow
certain keys to update a DNS resource, but a different key to transfer the
name.

------
xoa
:\

As has been the pattern with all these decentralized DNS schemes, the FAQ
doesn't cover the most utterly basic question: "I currently have one or more
domains that I use extensively for my own life/work. How do I transfer those
to try this new scheme? How much actual dollars/euros/yen/yuan/... does it
cost, not mystery blockchain-whatevers but predictable real money? Does this
new scheme harm me?"

Shouldn't an experimental system in particular want regular tech people with
personal domains trying it out? We'd probably be more willing to give it a
whirl (with fallbacks) since it's more for our own private use. But instead
it's all about trademark holders and the Alexa 100k and so on, which is
important too but it seems like most such domain holders would be a lot more
conservative. And I've had a growing suspicion that the last part of the
question doesn't get answered clearly because the answer is "you may get
screwed, we are ideologues who think that people should be able to take your
domain if you're not rich enough to defend it."

I mean, right now I don't in fact see the current DNS system as _horrible_.
Cloudflare and others are pretty reliable registrars and companies to deal
with. A .com is about $8, .net and .org both about $10. A known amount of $200
or so and I'm set for 10 years, and I consider that a good thing. I've had my
domains for nearly 20 years now, they're core to my online identity and
personal infrastructure. Same for most businesses, DNS sits at the center of
everything. My concerns are about ICANN allowed price increases due to
monopoly, and whether bad actors could somehow try to claim my domain and how
I'd fight that as an individual. But I don't see answers in the FAQ to how
this would help answer those. My personal domains aren't in Alexa top-whatever
so it sounds like handshake will auction them off. There is a "renewal fee"
after that but it's handwave-y:

> _Renewals for names are annual and cost a standard network fee_

A standard network fee of _what_? $1? $10? $100? It can vary by thousands of
percent at random like so many cryptocurrencies? How long is the renewal
window? Can it be paid upfront? What happens if it gets missed? Is any of this
_predictable_?

I simply don't see any brass tacks implementation stuff here. It's a bunch of
high level hoohah about the evils of centralization without any
acknowledgement of how centralization can be useful and efficient too and how
they deal with that. The word "federation" does not appear at all, which is
another important approach/aspect. It sounds worryingly like a common
"religious" approach where people take a tool (like decentralization) and turn
it into a goal in and of itself.

~~~
troquerre
There's an airdrop that gives developers on github claims. Basically if you
had over 15 followers on GitHub by August 2018 you likely got 4662 coins
(worth a lot since current market price is $0.50[1]). These instructions walk
through how to claim the airdrop
[https://namebase.io/airdrop](https://namebase.io/airdrop). This way you can
easily register names to try Handshake out even if you already have websites
in traditional DNS.

[1] [https://namebase.io](https://namebase.io)

------
uberdru
Does putting self-signed certs on a blockchain really solve the problem?

~~~
vbezhenar
Everyone can put a self-signed cert on a blockchain. You need to prove that you
control the domain. The easiest way to prove that is to ask your registrar. And
if your registrar signs this fact you don't even need to ask him. So you
naturally will come to DNS and DNSSEC. And all standards are already here:
deploy DNSSEC, put a TLSA record and it's done. It's a solved problem, just not
widely supported.
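An added example of the TLSA half of that suggestion (not Handshake or hsd code, and not from the commenter): building a DANE-EE record for a certificate and checking a presented certificate against it, in plain Python with only the standard library. The certificate and SubjectPublicKeyInfo bytes are constructed placeholders rather than real DER, and DNSSEC validation is modelled by a boolean rather than an actual validating resolver.

```python
"""DANE TLSA records (RFC 6698): generate one from a certificate and verify a
presented certificate against it.  Added example; the byte strings below are
constructed placeholders, not real DER."""
import hashlib
import hmac

# RFC 6698 field values used here
DANE_EE = 3        # certificate usage: match the end-entity cert itself
SEL_CERT = 0       # selector: full certificate
SEL_SPKI = 1       # selector: SubjectPublicKeyInfo only
MATCH_FULL = 0     # matching type: raw data
MATCH_SHA256 = 1
MATCH_SHA512 = 2


def association_data(selector, matching, cert_der, spki_der):
    """Certificate Association Data for a cert/SPKI pair."""
    if selector == SEL_CERT:
        data = cert_der
    elif selector == SEL_SPKI:
        data = spki_der
    else:
        raise ValueError("unknown selector %d" % selector)
    if matching == MATCH_FULL:
        return data
    if matching == MATCH_SHA256:
        return hashlib.sha256(data).digest()
    if matching == MATCH_SHA512:
        return hashlib.sha512(data).digest()
    raise ValueError("unknown matching type %d" % matching)


def make_tlsa(usage, selector, matching, cert_der, spki_der):
    """Presentation-format RDATA, e.g. '3 1 1 <hex>'."""
    assoc = association_data(selector, matching, cert_der, spki_der)
    return "%d %d %d %s" % (usage, selector, matching, assoc.hex())


def parse_tlsa(rdata):
    usage, selector, matching, hexdata = rdata.split(None, 3)
    # presentation format allows whitespace inside the hex blob
    return (int(usage), int(selector), int(matching),
            bytes.fromhex("".join(hexdata.split())))


def tlsa_matches(rdata, cert_der, spki_der, dnssec_validated=True):
    """True if the presented cert/SPKI satisfies a DANE-EE record.

    dnssec_validated models the AD bit from a validating resolver.  A TLSA
    answer that did not validate proves nothing: whoever can spoof the DNS
    answer can also publish a record matching their own key."""
    if not dnssec_validated:
        return False
    usage, selector, matching, assoc = parse_tlsa(rdata)
    if usage != DANE_EE:
        # usages 0-2 additionally require a PKIX chain; not covered here
        raise NotImplementedError("only usage 3 (DANE-EE) is handled here")
    expected = association_data(selector, matching, cert_der, spki_der)
    return hmac.compare_digest(expected, assoc)


# Constructed placeholders standing in for DER bytes.
CERT_2020 = b"constructed: cert issued 2020, key K"
CERT_2021 = b"constructed: cert reissued 2021, same key K"
SPKI_K = b"constructed: SubjectPublicKeyInfo for key K"
SPKI_OTHER = b"constructed: SubjectPublicKeyInfo for attacker key"


def demo():
    pin_key = make_tlsa(DANE_EE, SEL_SPKI, MATCH_SHA256, CERT_2020, SPKI_K)   # "3 1 1 ..."
    pin_cert = make_tlsa(DANE_EE, SEL_CERT, MATCH_SHA256, CERT_2020, SPKI_K)  # "3 0 1 ..."
    return {
        "key_pin_same_cert": tlsa_matches(pin_key, CERT_2020, SPKI_K),
        "key_pin_renewed_cert": tlsa_matches(pin_key, CERT_2021, SPKI_K),    # survives reissue
        "key_pin_other_key": tlsa_matches(pin_key, CERT_2020, SPKI_OTHER),
        "cert_pin_renewed_cert": tlsa_matches(pin_cert, CERT_2021, SPKI_K),  # breaks on reissue
        "unvalidated_answer": tlsa_matches(pin_key, CERT_2020, SPKI_K, dnssec_validated=False),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The selector choice is the practical trap: `3 1 1` pins the public key and keeps working when the certificate is reissued with the same key, while `3 0 1` pins the exact certificate and must be republished on every renewal, which is how most DANE outages happen.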

~~~
uberdru
"prove that you control the domain"? isn't that the rub? sounds a bit circular
to me at least. there doesn't seem to be any solid replacement for the
existing centralized trust authorities. what am i missing?

~~~
vbezhenar
As long as we're talking about conventional DNS, it's centralized by design.
And if you want to build a better DNS, you can just use onion: domain is
public key and you can even mine good domains (facebookcorewwwi.onion).

------
dependenttypes
I really do not see the point. Naming not only is not important but it also
causes issues with trust. I think that the solution that tor/i2p went with is
much better.

------
withinboredom
The only one I wanted isn’t released for a whole year, lucky me

------
RL_Quine
They've somehow managed to make the two least optimal choices of language
possible.

    The full node daemon, hsd, is written in Javascript.

A non-type-safe language with poor package management for consensus-critical
code.

    We also have a light client, hnsd, which is written in C

A non-memory-safe and error-prone language for client code people would run on
their systems as root.

~~~
pinhead26
Well at least you don't have to worry about package management, all the
dependencies are built by the organization either from scratch or with
vendored code.

Re: JavaScript, you should take a look at the code in the repo, it's excellent.
There is such a thing as great Javascript code and bcoin/hsd are prime
examples.

~~~
RL_Quine
I'm very aware of bcoin.

[https://npm.anvaka.com/#/view/2d/bcoin](https://npm.anvaka.com/#/view/2d/bcoin)

Many steps of indirection away we find things like this include.

[https://github.com/juliangruber/isarray/blob/master/index.js](https://github.com/juliangruber/isarray/blob/master/index.js)

    // the file starts with this declaration, without which the call below
    // would hit the global toString instead of Object.prototype.toString
    var toString = {}.toString;

    module.exports = Array.isArray || function (arr) {
      return toString.call(arr) == '[object Array]';
    };

Javascript is an absolute joke of a language.

~~~
Ajedi32
I don't really see the problem. On any remotely modern version of Node that's
just a noop. On ancient versions of Node it's a very useful polyfill.

------
joosters
Great, what the world really needs is a hideously inefficient set of
distributed DNS servers that are permanently eating 100% CPU to do their
proof-of-work blockchain mining crap. The page hand-waves this away by
claiming (with no good reason) that it will all be renewable energy. Just like
bitcoin in China, right?

~~~
verdverm
You missed what HS does. It does not run the DNS system, it extends what ICANN
does. The same DNS tools and infra are still used

------
ruyden1000
This is golden, it reminds me of the time when Let's Encrypt started. Something
that is challenging and can change the direction of the internet a lot.

~~~
RL_Quine
Nice astroturfing.

~~~
dang
Please read and follow the site guidelines.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
Ajedi32
This is a great idea with one easily correctable but nonetheless fatal flaw:
it's an all-or-nothing proposition. If users choose to use Handshake as their
DNS roots, they will no longer be able to access websites which only exist on
ICANN's root zone.

Assuming I'm not mistaken and that really _is_ how Handshake is set up
(someone please correct me if I'm wrong), then IMO the whole project is
essentially dead on arrival. There's no chance they're going to be able to
convince millions of large websites to register on a new DNS root overnight.
And even if they did somehow manage to convince 80% of websites to move to the
new system, users _still_ wouldn't switch over because doing so would
effectively break 20% of the internet for them.

It's a real shame, because this problem would be trivially avoidable if they
simply allowed the existing TLDs to use the ICANN roots and confined Handshake
domains to their own TLD (.handshake maybe). That way, adoption could happen
slowly over time and users could switch over to the Handshake roots with no
downsides. As-is though this is simply unworkable.

~~~
xur17
> If users choose to use Handshake as their DNS roots, they will no longer be
> able to access websites which only exist on ICANN's root zone.

This is not true. You can set up Handshake to be your resolver, and it will
resolve both domains on Handshake and legacy domains from ICANN.

~~~
Ajedi32
Then what's this paragraph in the FAQ about?

> Existing TLDs and over 100,000 Alexa websites are reserved on the Handshake
> blockchain. Upon removing collisions, generic, and exclusions (e.g. 1 or 2
> character names), approximately 80,000 names remain. Using the root key and
> DNSSEC, domain owners can cryptographically prove ownership to the Handshake
> blockchain to claim names.

Does Handshake control existing (`.com`, `.org`, etc.) domain names or don't
they? If they do, then what happens when a DNS entry in Handshake's roots
contradicts what's in the ICANN roots? If Handshake wins conflicts, then that
breaks the internet for existing users.

~~~
xur17
I have a longer answer here [0], but in short, Handshake does not control
existing domain names. They are giving the top 100k existing domain name
owners control of a gTLD based on the domain they own. E.g. `example.com`
receives `example` in Handshake's system.

[0]
[https://news.ycombinator.com/item?id=22312059](https://news.ycombinator.com/item?id=22312059)

~~~
Ajedi32
Okay, that's much better. Thanks for the clarification. I assume "com", "org",
"net", "ninja", etc are also reserved then?

~~~
xur17
Yes, they are. The list can be found here:
[https://raw.githubusercontent.com/handshake-org/hsd/1c2d1036...](https://raw.githubusercontent.com/handshake-org/hsd/1c2d1036b262ecb767e71a73cd91ef11c940b230/lib/covenants/names.json)

