3

Aside from the fact that Verisign makes a lot of money doling out certificates from a central location.

Rob Truxal
  • 217
  • 2
  • 7
  • 1
    A bit off-topic, every day hundreds of thousands of websites get made, a blockchain would need to 'mine' hashes for every one of them. Who's going to mine them? Mining them would take a lot of effort. – O'Niel Jul 29 '16 at 23:06
  • 1
    The difficulty of BTC mining is imposed by its design. Constantly updating ledgers might end up being relatively resource intensive, but I wonder if it would outweigh the cost of breaches due to the setup of the current system. – Rob Truxal Jul 29 '16 at 23:11
  • I think the simple answer to the question in the title is because of the age of DNS versus the age of bitcoin blockchains; regardless of technicalities, one existed well before the other. – Ella Rose Jul 30 '16 at 02:00
  • 3
    -1 because this is just asking why a specific technology is not used without even explaining why it should be used in the opinion of the OP. And on top of this low-quality question, useless bashing of Verisign (which is only one of the several parties involved) without any technical reason to do this. – Steffen Ullrich Jul 30 '16 at 05:43
  • You are asking: "why doesn't a 30 year-old technology use a 5 year-old technology?" Are you really asking a question or are you looking for people to agree that you have a cool idea to fix a core technology? – schroeder Jul 30 '16 at 17:37
  • 1
    Srsly dude? Who thinks that's how the internet works? – Rob Truxal Jul 31 '16 at 21:44

1 Answer

5

We already have such a system: DNSSEC, which allows precisely the control required.

The problem with using blockchain with domains is that there's no inherent link between the domain and the key pair used for signing.

So this information must be tied to each other somewhere. And somewhere would then be at the registrar, making the whole blockchain then useless as the registrar could then directly host the public key used for verifying - voilà - we reinvented the wheel: DNSSEC.

The blockchain is useful in 3 cases: either when you want to store public information that can never be tampered with in regard to time (time-stamping of information), or that can never be erased.

The third case would be where there's an inherent link between the domain and the key used for signing; that's what makes the system truly decentralized. But then we would get web addresses that look like TOR onion addresses. And TOR onion addresses are exactly this: hashes of public keys that make it impossible to "forge" a site using a specific onion URL, and this can be validated without having to trust anyone.

To further illustrate the problem:

[secret data] = the private key
[public data] = the public key
[custom data] = your domain name or whatever name you want to associate with public key

It might be possible to create a process where you use some [secret data] + [custom data] to render an output of [custom data], but where [secret data] can be used in such a way that the corresponding [public data] can be programmatically related to [custom data] without having to trust anyone.

The only way I could come up with is a process like vanitygen, as if anyone can create a matching [secret data] for any [custom data], anyone could also "steal a domain name".

That's why you need a trusted third party that will make this association, and make this association only for the person who owns the domain name in question, e.g. not allow this association for a domain name that is taken. So when it comes to domain names, you MUST trust somebody.

Because I bet you don't want a domain name like this:

Hey. I created a new website. Here it is: l05gh64k3wghvsk7jfs09a07654354f7

Then we don't need any DNS at all, we could simply use the IP addresses.

sebastian nielsen
  • 8,779
  • 1
  • 19
  • 33
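The trade-off the answer describes, as an added example that is not part of the original post: a name derived from a hash of the public key can be checked by anyone, a human-chosen name needs a party that refuses a second claim, and forcing a chosen prefix onto a derived name costs a brute-force search. The truncated SHA-256/base32 encoding, the `Registry` class and the byte strings standing in for public keys are assumptions made for illustration.

```python
import base64
import hashlib


def self_certifying_name(public_key: bytes) -> str:
    """Onion-style name: base32 of the first 10 bytes of SHA-256(public key)."""
    digest = hashlib.sha256(public_key).digest()
    return base64.b32encode(digest[:10]).decode().lower()


def verify_self_certifying(name: str, public_key: bytes) -> bool:
    """Anyone can check the name/key binding locally; no third party is asked."""
    return self_certifying_name(public_key) == name


class Registry:
    """Trusted party for human-chosen names: the first claim wins."""

    def __init__(self):
        self._owners = {}

    def register(self, name: str, public_key: bytes) -> bool:
        if name in self._owners:
            return False  # name is taken: refuse to re-associate it
        self._owners[name] = public_key
        return True

    def lookup(self, name: str):
        return self._owners.get(name)


def vanity_search(prefix: str, max_tries: int = 200_000):
    """Search stand-in keys until the derived name starts with `prefix`.

    Each extra base32 character multiplies the expected work by 32, which is
    why readable self-certifying names are impractical.
    """
    for i in range(max_tries):
        candidate = hashlib.sha256(b"constructed-key-%d" % i).digest()
        if self_certifying_name(candidate).startswith(prefix):
            return candidate, i + 1
    return None, max_tries


if __name__ == "__main__":
    key_a = b"constructed-public-key-A"  # constructed stand-in, not a real key
    print(self_certifying_name(key_a), vanity_search("ab")[1])
```

In a real system the key holder would also prove possession of the private key with a signature; the hash check only binds the name to the public key.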
  • I disagree with such a point of view. The limitation of trusted persons/organizations makes them vulnerable to targeted attacks. Blockchain needs no registrars at all. If you don't trust anyone you can duplicate such DNS if you wish. Also putting information about keys and domains is simple. Blockchain is not a database of coins. Blockchain is verification technology. So there are no limitations. And I think this is just a question of time when DNS migrates into BC. – Paul Rumkin Nov 04 '16 at 17:19
  • @PashaRumkin The problem is not that. The problem is that you need some process P, to associate domain name D to key K. And this process must be done by a trusted individual. In Bitcoin/blockchain, you have an address that is a hash of the public key. Thus you generate D out of Kpub which is generated out of Kpriv, thus Bitcoin can be decentralized. The opposite, generating Kpriv out of D, would mean anyone with knowledge of D can generate the private key. So it's a technological limitation. You need some sort of database, managed by a trusted individual, which then maps D with Kpub's. – sebastian nielsen Nov 04 '16 at 17:47
  • Domain name is a transaction and not a wallet in terms of blockchain. The owner has an id which is produced from pubK. This id is associated with the domain. – Paul Rumkin Nov 04 '16 at 18:27
  • @PashaRumkin And id is a hash too. And who should do that association? There you have the problem. Somebody trusted must do the association. And that's why we have DNSSEC. And remember, DNSSEC does not rely on one single trusted individual. Rather 7 trusted ones, and 7 backups (in case one of the trustees dies), making up a 7 of 14 scheme, before a new TLD can be created. – sebastian nielsen Nov 04 '16 at 18:34
  • You probably misunderstand how blockchain works. All you need to hide is your private key. All other information should be open and validatable by others; no one should assign or associate something for you. There is a project of such a chain https://github.com/okTurtles/dnschain which works as I describe. – Paul Rumkin Nov 04 '16 at 23:34