Hacker News new | past | comments | ask | show | jobs | submit login

Very good points. That's also my experience so far, and i think even the most dedicated ETH crowd will acknowledge they had to apply human authority to the source code when they found that "code is law" meant they would loose all their savings due to a bug.

However, i'm personally curious about mixed systems with crypto-identity and human-administered discovery. The best example i have in mind is the GNU Name System, where you can delegate specific names in your zone to someone else's public key, and each zone is administered by the associated public key. This way, you get technical reliability when addressing the public key directly, while still retaining user-controlled delegation of human-friendly names to build a global tree like DNS or a local friend-to-friend mapping (eg. `fatoumata.bob` to reach Fatoumata, whom you know is a friend of your well-known friend Bob advertised in his zone).

As someone who was involved in research in cryptocurrencies, what's your take on such developments?




I've never looked into the GNU name system in any detail, but it does seem to afford a reasonable degree of flexibility by allowing you to publish trust relationships and then delegate to different zones. If I'm interpreting things correctly, I can imagine people generally delegating names in their zone to ICANN in order to have something similar to existing DNS and its robust management, but additionally delegate to other entities for improved censorship resistance. For instance, dissidents could delegate to some private zone that likely offers fewer guarantees. Clients would need to be configurable and perform queries in some priority ordering.

Under this scenario, the ICANN zone could just refuse to publish an entry generated by a key that is deemed invalid (e.g., key is hacked, original private key lost, so revocation cannot by issued but authenticity verified in real life), so you'd probably end up in some situation where government blessed sources are canonical, but there's a reasonable fallback when official sources are not trusted. When these sources aren't trusted users would have to decide for themselves or do independent verification, which seems sensible to me.

I'd like to be able to have some indication that some private non-government controlled "root" zone and the canonical zone diverged so that I can then see if this is something I need to worry about.

Realistically, many buying a domain on something like godaddy would probably have their key managed by godaddy or perhaps tied to their credit card issuer, but more technical people would have the option of safeguarding their own keys.

There are other downsides to this approach in that a DHT is going to have different failure modes and scalability issues than DNS, but at least the obvious ones that occur to me are probably mostly solvable.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: