Why isn't Internet DNS based on blockchain?

Aside from the fact that verisign makes a lot of money doling out certificates from a central location.


We already have such a system: DNSSEC, that allows precisely the control required.

The problem with using Blockchain with domains, is that theres no inherent link between the domain and the keypair using for signing.

So this information must be tied to each other somewhere. And somewhere would then be at the registrar, making the whole blockchain then useless as the registrar could then directly host the public key used for verifying - voilá - we reinvented the wheel: DNSSEC.

The blockchain is useful in 3 cases: Either, when you want to store public information, that can never be tampered with regards to time (time-stamping of information) or never be erased.

The third case would be where theres a inherent link between the domain and the key used for signing, thats whats makes the system truly decentralized. But then we would get web adresses that look like TOR onion adresses. And TOR onion adresses is exactly this, hashes of public keys that makes it impossible to "forge" a site using a specific onion URL, and this can be validated without having to trust anyone.

To further illustrate the problem:

[secret data] = the private key
[public data] = the public key
[custom data] = your domain name or whatever name you want to associate with public key

There might be possible to create a process where you use some [secret data] + [custom data] to render a output of [custom data], but where [secret data] can be used in such a way that the corresponding [public data] can be programmatically related to [custom data] without having to trust anyone.

The only way I could come up with is a process like vanitygen, as if anyone can create a matching [secret data] for any [custom data], anyone could also "steal a domain name".

Thats why you need a trusted third-party, that will make this association, and make this association only for the person who owns the domain name in question, eg not allow this association for a domain name that is taken. So when it comes to domain names, you MUST trust somebody.

Because I bet you don't want a domain name like this:

Hey. I created a new website. Here it is: l05gh64k3wghvsk7jfs09a07654354f7

Then we don't need any DNS at all, we could simply use the IP adresses.

Category: dns Time: 2016-07-29 Views: 0

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development


Front-end development


development tools

Open Platform

Javascript development

.NET development

cloud computing


Copyright (C) avrocks.com, All Rights Reserved.

processed in 0.302 (s). 12 q(s)