Hacker News new | past | comments | ask | show | jobs | submit login
Handshake – A Namespace for the Decentralized Web (meowis.ms)
154 points by rasengan on Sept 24, 2020 | hide | past | favorite | 92 comments

If you want to try out an application which is already using Handshake, check out my decentralized Android App Store based on Domain Names: https://skydroid.app

If you're looking to easily play with Handshake, checkout https://namebase.io

Recently chatted with the co-founder, Tieshun. He does a good job of making the case for Handshake and why it's so important for the internet. https://youtu.be/YRU0DE6zj5o

This decries domain registrars as bein evil and pitches that with this platform you can become the same as them:


Earn money selling subdomains off your TLD. Get paid recurring income for every subdomain you sell.

Distribution — Plug into Namebase's network of registrars, like gateway.io, to supercharge distribution for your TLD.

Peace of mind — We've got you covered. Namebase handles domain registration, revenue collection, and renewals. Sit back and collect your profits!


How is "a few people controlling top domains" the same as "many people controlling top domains"?

Because its still centralising control. If I want to use myrealname.tld, I need to pay someone sitting on that TLD while they 'sit back and collect the profits`. Its like a tech pyramid scheme.

So decentralizing control among potentially thousands of TLD owners is... centralizing control?

If you have a point you're not making it very clearly.

I don't get why this is so hard to understand. You keep putting forward a strawman of it being less entities, but that's missing the point entirely that it's still centralised, it being to a lesser extent does not negate that simple fact.

You keep using that word, but I don’t think you intend its normal meaning. Let’s take a different example, is home ownership in US centralized? Every reasonable person would say no, we don’t have few large entities that own every home. But you would say “Yes, because if I want to buy a home, the current owner would have complete ownership of that home, and a central entity I have to deal with!” But that’s not what centralized means in common parlance or litterateur.

a decentralized namespace system would be something like:

* sibyl free identity system

* the highest bidder gets to rent a domain name

* everyone receives the average domain rent: the sum of all rent combined, divided by the number of unique users

* want a more desirable domain than the average? pay into the system to receive this special attention from the group

* satisfied with a less desirable or simply no domain? receive crypto for having others make use of your namespace attention

* prevent temporary hijacks: whenever a user clicks a link or types a URL, depending on how he configured his software it would show the different servers previous owners (say last 2 years) of the domain control, with their remarks etc; to make it easy for rightful owners of temporarily outbidded domains to point out this domain used to point to them but was hijacked...

an alternative to prevent hijacking: URL scheme for links mandates containing a block height at the time of writing the link; so when an author wishes to share a link he either copies the link from another document (thus containing the original block height) or he copies from the browser URL bar (which inserts the block height into the URL)

That's an awful comparison and a strawman.

It's quite plainly not centralized to me. Could you explain what decentralized means to you?

I would turn this around and ask you the same. Using your own understanding of the term, what is centralized about the current status quo?

Yes. And his point is perfectly easy to understand.

While I do agree that this is a significant departure from the current system, is there some mechanism other than individual domain owners refusing to sell that prevents this from re-centralizing? As in entities with sufficient capital coming in and buying up huge amounts of domains and rent-seeking on those and effectively re-creating the existing system?

What happens when the handshake blockchain forks (say, because the developers can't agree on a change), which of the two 'trustless' forks am I meant to trust from that point on?

Ultimately you'd have to decide which one you want to treat as the canonical chain. There would be two (or more) parallel histories, and users would have to figure out which one they wanted to follow.

By default, all users would go along with the original chain. To follow the chain with the updated rules (whatever rules the developers couldn't agree on), a user would have to manually opt-in to that updated set of rules.

well, that, or the primary client decides a direction and forces it onto everyone as soon as they update... :)

A lot of blockchain clients (including Bitcoin) have no auto update feature.

and them i'm going to fork both of the forks to a mega fork just because we know how much we like forks

The one with the most hashing power. Just like Bitcoin.

I mean when contentious changes are made, e.g. bitcoin vs bitcoin cash, or ethereum vs etc. Hashing power doesn’t come into it.

What's the path to actually make these domains usable? Does a browser just have to start supporting Handshake?

Too many blockchain pitches say things like it "would be great" if everyone used it. Yeah, it'd be great if we all moved to a decentralized everything, but users don't care enough.

Could a browser like Brave or Firefox decide to start supporting this? Then some websites would only work on Brave/Firefox, eventually forcing Chrome and Safari to support it too.

You can browse Handshake sites with Firefox by using the NextDNS [1] resolver (it's an option in Firefox's Settings). You can also use hnsd [2] or hsd [3] as your resolver.

There are a lot of sites and you can see who has claimed their names and/or put up resolvable names on DNS Live [4].

[1] https://nextdns.io/

[2] https://github.com/handshake-org/hnsd

[3] https://github.com/handshake-org/hsd

[4] https://dns.live/ </shameless>

Don't you need to enable handshake resolution if you use the NextDNS resolver?

You're absolutely right! You also need to activate the Handshake support in NextDNS' settings!

The web navigator (browser) has had "registerProtocolHandler"[1] api, which has been around since at least 2008[2]. The history has been a little complicated, but it lets one write a page that can handle addresses of this sort. That could be a handshake relay page, that loads the handshake content, then renders a page with it.

There is also similar work in WebExtensions to allow this to happen in the extension layer. Here's[3] a list of p2p-related handlers which were whitelisted (similar was done in Chrome), but "web+handshake" would work without whitelisting. These extensions would obviously be more useful if any mobile browsers had extension support. Firefox seems to have just shut the door on most extensions![4] What the hack?!

[1] https://developer.mozilla.org/en-US/docs/Web/API/Navigator/r...

[2] https://caniuse.com/mdn-api_navigator_registerprotocolhandle...

[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1428446

[4] https://www.androidpolice.com/2020/09/03/firefox-update-face...

Handhake is one of those service that is not over hyped. Check out their sponsors: https://handshake.org/grant-sponsors/

Also a decentralised DNS is exactly what we need.


That list of Open Source "Internet Good Guys" is a list of groups that Handshake decided to sponsor, not groups that endorse or have anything to do with Handshake.

The actual sponsors of Handshake include the dogpile of VCs and financiers that you'd expect would gamble on a blockchain project, confusingly (deliberately?) listed below the definitely-not-sponsors list.

Look, it's great that they want to support the open source community that they and everyone else relies on, but it looks to me like they're trying to trick careless readers into thinking that these well regarded open source / community organizations support the Handshake project. Even with the big disclaimer, that list is the biggest part of the page. It almost seems like they're trying to look good by association, when there isn't even any association... they just wrote a check using VC funds.

To me, this sends a strong negative signal. If anything, it makes them seem more overhyped, not less.

Eh, I think you just read it wrong. This doesn't seem confusing nor deliberate. Right above the list of the sponsored open source projects, it says in bold:

""" The inclusion of the pledge recipients on this page does not constitute or imply any endorsement of Handshake on the part of recipients but simply reflects gratitude for the grant recipients' contributions to FOSS.

Some of the Current Pledge Recipients (Net 10.2MM USD + coin grants to some recipients) """

It has said this at least since August[0].

[0]: https://web.archive.org/web/20200817152057/https://handshake...

There are actually multiple paths already! In addition to NextDNS, there is:

HNS.to (No DNS configuration or downloading needed), LinkFrame (Chrome extension), Resolvr (Firefox add-on)

This is the biggest issue I have with Handshake. I have a couple Handshake TLDs, but I can't really use them at all. What Handshake is trying to achieve is in essence similar to trying to establish a new set of root servers. And just like that idea, it will never realistically happen.

Infrastructure changes on this scale are basically impossible, as evidenced by the IPv4 to IPv6 transition. The only reason that even has a chance of succeeding is economic incentives caused by rising IPv4 prices, however, Handshake does not have that type of incentive.

In my opinion, Handshake will lead to positive changes in our current DNS system. However, I don't see Handshake ever replacing our current system.

Sure I can use it for some things, but no one else can. I can't even get an SSL cert for them, or control DNS using an API like I can with Cloudflare (I can setup my own BIND server, but its a lot more work for not much gain).

I can use a gateway like HNS.to to share it with other folks, but thats uglier than a normal domain and bad practice due to shared cookies and the like.

Its just not worth it right now.

> What Handshake is trying to achieve is in essence similar to trying to establish a new set of root servers. And just like that idea, it will never realistically happen.

Yes, it will need to find a foothold in a parallel domain (no pun intended). IPC is one example. Combine something like in-process REST with the ability for any app to trivially bind to a name, and we'd be getting somewhere interesting.

Skynet leverages HNS names to shorten its skylink hashes. So path to usage here would be in the form of a shortened URL. IE: https://[traditional TLD]/hns/[HNS domain]

From the site:

"Stop paying for new domains"

Also from the site:

"Buy Handshake coins"


Bit simplified. More accurate (at least from my understanding of the article):

From the site:

"Stop buying domains that are owned by third-party for-profit companies who control the market"

Also from the site:

"Use the Handshake currency to participate in auctions hosted by no one in particular, in a market controlled by code"

>> Use the Handshake currency to participate in auctions hosted by no one in particular

Well, it looks like the short/good tlds were either reserved or already bought. To me it's just another failed distribution model/project. How many active handshake websites are there? 99% of the domains sold seem inactive, purchased for speculative resale value.

Guess what? I'm working on my own fork with a more value-based distribution(IMO).

actually... the tlds are gradually being parceled out via a seemingly random algorithm to prevent exactly the type of squatting you're complaining about. a LOT of TLDs still aren't available for purchase yet. the ones that are already in the top Alexa results were reserved for the people/companies that already owned the names in existing TLDs... again, to prevent squatting.

> Well, it looks like the short/good tlds were either reserved or already bought

That's up to debate I guess :) I'm sure people say the same about the web/internet today, but still good domains are being created every minute, because someone is more creative than the ones before.

The whole point(or at least most of it) of handshake was to have a fair distribution model. It's not like handshake is the first blockchain DNS system.

to be clear, you don't have to buy coins. you can still mine them and a boatload were given away to open source devs.

This looks really cool.

I've been trying to advocate for the existence of a system like this for RSS feeds. IMO, RSS "failed" (it didn't fail, it's still around… but obviously it doesn't have the traction of Instagram or Twitter) because discoverability of RSS feeds is abysmal.

If RSS is ever to go mainstream, or we're ever going to have a federated answer to corporate social media, it's going to require some kind of decentralized phonebook. HNS might solve that problem.

One of the challenges for RSS is that even a lot of hobbyist blogs that aren’t big "corporate social media" depend on ad income. The blog owner might keep an RSS feel going either out of ignorance (because his Wordpress setup automatically generates it, but he doesn't think about it) or because he thinks it important for SEO, but he really doesn't want people using it. He needs people to visit his site whenever they want to see the latest posts, so that then they can be exposed to ads. I have seen blogs where even mentioning in the comments section that you subscribe to the site’s RSS feed, is an automatic ban.

So if we want feeds to become popular again, we need to encourage support models for indie content that don’t depend on ads. So far, blog owners are seeing a dearth of donations and sponsorships to keep them motivated, so of course signing up for an ad network is the only choice they think they have.

You can always truncate the content of the feed to have people visit.

For smaller sites which don't have new content every day, an RSS feed means I'll come back, no feed means I'll probably forget about it and never come back at all.

I have always wondered. What prevents them from sending ad links in the feed? If the clients could render them, that there's a workable model, right?

How is this better than Namecoin?

Namecoin has the unique advantage that you can do merged mining with Bitcoin which would make the network as secure as Bitcoin without further waste of resources.

IMO namecoin screwed up distribution - 99.9% of names were squatted on. Handshake tried to solve this with an auction system and names are released over a 52 week period. Also, they reserved the alexa top 100,000 names for their owners.

Another thing is that namecoin is just on one tld (.bit) whereas with handshake you register names as a TLD.

Remember, all of the talk about 'distributed' and 'trustless' for just about any blockchain is a lie. Just take a look at the mining pool statistics to see how many organisations are really in control.

e.g. for Handshake, the largest two mining pools control about 60% of the hashrate, meaning that only two groups (possibly both run by the same person) control the whole chain. So much for decentralized!

Even bitcoin suffers from the same centralization - the top 4 pools have over 50% hashrate (and so effectively control the blockchain).

Where did the 'distributed' blockchains go?

Whether something is really distributed or not is not only debatable but more importantly transient. Maybe it is today and not tomorrow.

Yes, you may consider that HS is not fully distributed because of the reasons you stated (many may disagree with you, hence debatable) but if you REALLY wanted to do something about lack of decentralization, you could: just start another mining pool. This is the other aspect of public blockchains that normally goes unmentioned when calling them distributed and trustless: they are permissionless.

Except they don't "control" the blockchain. They just have a bit more leverage about which transactions are included in future blocks. That's not optimal, but still a far cry from complete control.

Aren't most (including bitcoin) cryptocurrencies ledger confirmed by the continued confirmation of current hashing powers?

That's at least what I understood the 51% attack to be.

Basically have >50% quorum and you can just add any transaction to the shared ledger

If this is actually done, the currency's with would be basically done for, so unlikely that anyone would do that

You can't 'just add any transaction', the transaction has to follow the rules of the protocol (such as respecting prior owners of coins, respecting the total number of coins in circulation, etc) otherwise the block will be ignored (no matter how much work it has attached).

The general technical audience tends to greatly overestimate the amount of power that a 51% attack has. A 51% attack can only do two basic things:

1. prevent certain transactions from making it onto the chain (somewhat expensive) 2. re-write history so that previously confirmed transactions are no longer on the chain (quite expensive - increasingly expensive the further back in time you rewind)

You can't change the rules of the system, you can't arbitrarily steal funds from users, you can't change the inflation rate, etc.

It wouldn't necessarily be done for because you can't steal coins with a 51% attack. You can double spend and block transactions, which is not the end of the world.

The distinction between "steal coins" and "double spend" is academic at best, though. In practice, in a double spend you are either lucky to be getting "free coins" stolen from deflation/inflation or the double spend is caught, unwound, and someone is designated the "loser" that lost money in the transaction. Either way meets many practical user definitions of "stolen coins".

You don't have the power to cause inflation. There is a material difference between stealing coins and double spending. Stealing coins implies you can rewrite anyone's balance to be your own balance.

Double spending requires having counterparty, confirming a transaction with that counterparty, and then re-writing history to eliminate the transaction that the counterparty accepted. Coins that aren't in motion during the 51% attack can't be stolen, and coins that are in motion but aren't being sent from the attacker also can't be stolen.

If someone can double spend or block transactions, that's pretty much the end of the network if no-one can do anything to it.

But you can do something against it - wait. Basically a double-spend in 2 concurrent latest blocks is doable. N blocks down significantly harder. So the more valuable the transaction, the longer you want to wait to make sure it's not going to be a double-spend.

Additionally, we can also detect deep double-spends very easily!

When a double-spend occurs, usually it's from a deep chain reorg. This is what people usually refer to as a double-spend attack, not the kind of reorg where it only affects a few of the top blocks (which isn't uncommon). The latter occur relatively frequently due to the nature of Proof-of-Work being essentially a race.

Consensus mechanisms can detect when a sudden "deep" reorg occurs, e.g. a sudden reorg of 200 blocks that we didn't previously expect to be reordered. When this happens, it's relatively safe to say that this is a double-spend attack and we can disregard the attacker's chain. There's variations of this that additionally add things like "checkpointing" wherein reorgs beyond a certain block depth (the "checkpoint") are impossible at the consensus level.

There's a lot to critique about blockchain tech, but miner centralization is a relatively dated concern. Yes, it's a concern for many blockchains, but for the major Proof-of-Work chains (Bitcoin, Ethereum), it's not an issue anymore.

Also on Hacker News right now is Escaping the Dark Web[1], about a coordinated effort to mint & publish some blocks without front-runners stealing all the work & claiming a big contract for themselves.

Leverage, control. There's some play for what term we use to define the imbalance of these systems. But it sure seems like large, amassed forces have enormous sway over many of these systems, to the point where they can act as they want & are incentivized to do so with other large malfeasants.

[1] https://samczsun.com/escaping-the-dark-forest/

> about a coordinated effort to mint & publish some blocks without front-runners stealing all the work & claiming a big contract for themselves.

Wow, I have no idea how you read that really awesome article and concluded with such a response as this.

The article demonstrates how the authors were able to collaborate with miners to safely secure $9M worth of tokens due to a security vulnerability in a smart contract on a public blockchain where anyone could figure out the vulnerability and execute it before they could secure the funds.

Being upset that a miner is able to pick transactions that they want to include in their block demonstrates a clear lack of knowledge in how these distributed databases (blockchains) work and any critique similar to this can be disregarded.

> Being upset that a miner is able to pick transactions that they want to include in their block demonstrates a clear lack of knowledge in how these distributed databases (blockchains) work and any critique similar to this can be disregarded.

I think me & the author both identified exactly how dangerous it is that large powerful forces in these pools can pick & choose which transactions they want to win.

The author had to go peer with others to make their own large coordinated/centralized pool to try to make sure they had some chance of winning.

Agreed that this was a public contract, & they managed to save the bacon via this coordination. But it's amazing how user-hostile it is trying to get anything done in these distributed environments. The power is enormously shifted to the hands of the large players. In many ways, a centrally managed but observable is a higher trust, higher security, more user-supporting system than these distributed systems.

> Even bitcoin suffers from the same centralization - the top 4 pools have over 50% hashrate (and so effectively control the blockchain).

In my limited understanding, this is not an issue because it is in the miners' best interest to actually do their job correctly. They wouldn't have an incentive to muck around.

For the other cases like smart contracts and such maybe it's a little different. And perhaps that is why Ethereum is moving to Proof of Stake instead?

>In my limited understanding, this is not an issue because it is in the miners' best interest to actually do their job correctly. They wouldn't have an incentive to muck around.

Well, they wouldn't have in-game incentive to muck around, but they could have meta-game incentive. Here's a good article explaining that:

https://news.ycombinator.com/item?id=21058809 (Rationality is Self-Defeating in Permissionless Systems).

I know this won’t be popular here, but this reminds me of the “security theater” talked about on the Urbit blog. They basically designed the urbit network to account for the fact that there needs to be human escape hatches for any number of reasons. To pretend otherwise would be to set up a “theater”.


What is your opinion on this topic?

> "Remember, all of the talk about 'distributed' and 'trustless' for just about any blockchain is a lie. Just take a look at the mining pool statistics to see how many organisations are really in control... e.g. for Handshake, the largest two mining pools control about 60% of the hashrate, meaning that only two groups (possibly both run by the same person) control the whole chain. So much for decentralized!"

But that was what some 3-letter-agencys did to the Tor-network _about_ 'decentralisation'

Quoting from another topic not far away: Are governments, oligopolies or even monopolies ? A rival it never saw coming, a rival it didn’t take seriously when threatened and even refused to

- 'given the chance'

?? Whe did it go ?? ...where had it gone ?


This might help explain things. (2 min)

I love the discussion & effort.

On the other hand, relying on proof of work & creating an economy just to have distributed naming, to me, seems unnecessary & limiting. Users ought to be able to generate & use names heavily if they so desire, without having to do meaningless work to do so.

Systems like wireguard and HIP aren't name systems but they are connective systems, built around cryptographic identity. They assume a system of plenty, where folks & systems can be generating & using new identities regularly. To me, i'd much rather create a name system build around identity & assumptions of plenty, than a more name oriented systems built around restricting/controlling/limiting/funnelling distributed naming, through a Proof of Work pipeline.

Most proponents of Proof of Work don't celebrate the use of energy. They celebrate the use cases that PoW enables. I don't know of any other way to trustlessly establish a consensus ordering, and I believe that being able to trustlessly establish a consensus ordering is very valuable, therefore I believe PoW is worth the expense.

These decisions get made on an open market, it's not like anybody is forced to put money into a wasteful system if they aren't getting value out of that system.

I personally don't feel like identity & naming want or need concensus ordering. I cited HIP & Wireguard, which don't require that total ordering.

The issues of control & power that come into play when we create distributed systems then make them all agree & work in the same way seems antithetical, to me, to the very idea of distributedness itself. I'm far more interested in systems that can range & explore possibility spaces untethered from any notion of root consensus. I would have us rely on informal weak trust models, friend of a friend, web of trust relations, rather than distributed-but-totalizing.

Thank your for your reply. I've talked some about my questions & what I want to explore, but I appreciate your comment a lot. Talking about what proof of work buys us, that it's there for total ordering, is I think a wonderful assessment, & even though it's not my priority or desire, I do think it buys a lot of interesting technical capabilities & assurances we may otherwise not be able to have.

Wireguard and HIP don't allow people to reserve human-chosen names in a single namespace and then resolve conflicts between users trying to reserve the same name. Solving that problem in a trustless decentralized way takes a blockchain-type system. (The problem is sometimes called "Zooko's Triangle". There weren't any known good solutions to it before Bitcoin happened.)

Right, for sure.

I'm not really in favor of single namespaces at this point. It's been wonderful having DNS as a reliable universal naming system, but if we're talking about trying to move to a more distributed model, I'm more interested in loosening the strings & exploring the space beyond a single namespace. Not just decentralized, as the article talks about, but also distributed. Embrace strong cryptographic identity, cryptographic names first, & leave human naming for additional layers, probably around web-of-trust models.

To me, trying to recreate DNS but with arbitrary distributed blockchain systems to allocate power instead of arbitrary icann registries doesn't seem that advantageous. I do like the idea of censorship resistance, of really owning a name, but the cost & viability of claiming & winning names via out Proof-of-Work'ing folks or buying currency seems daunting to me. The hurdles here scare me. And having one single namespace that can never expand & grow, where the good keeps getting carved out, by early players: that scarcity is unappealing. Single namespaces are consistent & that's powerful, but the digital is capable of so much less scarcity, albeit we humans only have limited experience trying to harness & direct such unlimited digital abandons.

There's plenty of good, interesting, valuable work on single namespaces that we can do, & this is probably a good, interesting, & valuable contribution (albeit one that leaves me with a lot of questions about participation & how the system functions). Restricting ourselves to the scarcity of a single namespace seems both sensible & practical, like a straightforward route towards adoptability, towards a more likely to be impactful protocol. But I do hope some of the wilder, less restrained options for how we do naming get a chance, are a part of our broader experiments in naming.

> Restricting ourselves to the scarcity of a single namespace seems both sensible & practical, like a straightforward route towards adoptability, towards a more likely to be impactful protocol. But I do hope some of the wilder, less restrained options for how we do naming get a chance, are a part of our broader experiments in naming.

Do you have some particular options in mind? Practically any example I am can come up with ends up devolving to a single namespace.

The least restrictive one I can recall is the Usenet namespace where the equivalent of a subdomain didn't — at least in principle — require permission from the domain "owner" to establish (eg. alt.comics.superman.dies.dies.dies). In practice this required coordination and consensus among various administrators for a new group to be established, and under various scenarios existing "owners" could object.

Overall I think letting people pick their own pet names & grow their personal popularity is the most important step we can take as an onlining civilization. It's also going to be total chaos, but I think we'd have to keep growing & iterating, via a lot of bad failing. Present the complexity, present the multitude of options, & surface historical data to show who favors & prefers what, over time.

A more practical take, I'd love a domain name system that only promised that, at some time, i was the owner of a certain DNS domain. If I stopped being the owner, I could still continue hosting my site, my identity would be cryptographically well known & certifiable, people would know who to come to (or maybe not, not a hard requirement for this scenario; like HIP they should know me when we talk & i do want to say it's me), even though the link, the "ownership" (renter-ship) of the domain i'd held had expired. This again is another huge host of interesting messy hard problems, and if someone does get my keys, i'm hosed, but i really like how it favors a very strong distributed identity over this pressing incessant badgering need DNS has to enforce consistency & singularness.

Hmm. So something like sending mail to a person at a street address? That is, even if you don't still live there (and even if there is no forwarding address), it's obvious who it is for (which isn't the current occupant).

Rob Pike is doing something similar with Upspin. See https://upspin.io/

How is this any better than ENS? I can currently visit .eth domains that are hosted on IPFS using Metamask.

Are those static sites only, or can they resolve to an actual server IP address that does computation without sharing the code?

> As a standalone blockchain, Handshake has room to grow all on its own and govern itself without interfering with other projects or having to compete with different priorities with other use cases (like gaming or DeFi) trying to run in parallel on the same network.

So, as soon as someone with enough resources decides to take it over, it's no longer decentralized. Cool, cool.

Also, there's that whole CO2 thing that we really shouldn't be exacerbating by relying on proof-of-work.

Sometimes there are advantages to centralized DNS. Wouldn't this make taking down botnets' c&c servers that much harder?

I suppose there could be a blacklist that gets periodically downloaded by the OS. But then you're back where you started - who maintains the blacklist?

Decentralized DNS is fantastic for botnets that use Domain Name Generation (DGA). https://en.wikipedia.org/wiki/Domain_generation_algorithm

You can easily control the domains, schedule their use, and not worry about takedowns.

But are handshake domains free? Who pays the ETH blockchain fees?

Handshake is not Eth based it runs on its own blockchain. There are still fees but they are quite small. Less than a penny per update currently.

Maybe don't think it as a DSN, but rather how the Root Files are hosted. Currently there are national security issues with the way how Root Files are hosted. It is ONLY fair since the Internet is for the world that the Root Files are decentralised in that fashion as well.

Although I'm not entirely sold on BlockChain, there are other more energy saving gossip based Byzantine fault tolerant protocol to consider for use. However, everyone is just prototyping in this space. So for one I'm big supporter for the Root Files to be stored in this fashion, even if it is on a blockchain.

If you can't live without blacklists, then maintain them yourself. No protocol will do it for you, if DNS or IRC gets inconvenient, then botnets move to reddit or twitter (some already did).

Similar question: based on Zooko's triangle, decentralization will reduce the security of DNS. How secure are blockchain based naming systems like Handshake, ENS, Unstoppable, Blockstack, etc?

In fact, the idea of handshake seems to take care of exactly that. Decentralization without loss of security. Basically, you have the name and the certificate associated in the chain itself and go the dane route. I'm not the best person to explain these, but I guess there is a little about this on handshake.org

So I install the handshake daemon on my laptop, and I resolve paypal.com. Where do I go?

The current TLDs (eg `com`), have been reserved for their current owners to claim.

Try resolving welcome.nb/

I don’t think we need anything besides a hash and del.icio.us decentralized.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact