They're not using a ca-like central authority model. They're using Namecoin (or something like it), which is decentralized authority, verifiable via crypto.
never said they should. saying the kind of complexity presented by a blockchain is an insane way to work in low-trust environments with competent adversaries.
they should be working on reducing the complexity in the trust model. I trust the person who told me about a service. why can't I just get the keys from them, and verify that all of my other friends agree?
> why can't I just get the keys from them, and verify that all of my other friends agree?
You can, that's what a .onion address is. This isn't too great for regular users; .tor addresses make it easier to work with. There's an observation here that people are already trusting google and onion directories to non maliciously give them the right onion address, this is trying to spread out that trust to a blockchain.
The nice thing about a blockchain based model is that while you need to trust the network to be sane, in case someone tries to use lots of computational power to break past this, targeted attacks are still not possible, the attack (redirecting a name) will be visible to the entire network.
The problems related to blockchains are very well known. Blockchains have been used extensively at this point, for highly critical applications. They're the most censorship resistant platforms known to exist.
Care to name a point where a blockchain stood between MSS and Chinese dissidents? NSA and islamic radicalizers? SVR and someone Putin wants dead?
I'm stoked about blockchains as much as anyone else (heck, I quit a job at Google and spent a year playing with them when Bitcoin first came on the scene). But to say that they are a good thing to build on top of when facing adversaries that have 7 figure USD budgets and capabilities to perform active attacks on non-trivial chunks of the internet strikes me as just a bit naive.
