The reason I say I think domains make a great identity is that I don't think it's important for identities to be verified. I even think there's room for 100% anonymous blockchain domains.
The value is in the way the domain owner participates online and what kind of reputation they build. There are many old-school communities where I recognize the handles of extremely knowledgeable, friendly, helpful people and I have no idea what their real names are.
Imagine if the well-earned reputations of high-quality participants were transferable across online communities by using a domain as a global handle.
A domain can expire and be used by a different party. A different person can maintain a website. There are many ways a domain's admin can change. Domains are not guaranteed to be unique even if they are in some cases considered anonymous.
An idea to help with this would be a new resource record type, with an opaque value that changes only when the domain changes hands (yes, it is up to the registrar to decide when to change the value).
The resource records would live underneath registry.arpa, which has delegations that correspond to delegations at the DNS root; so to find out if example.com has changed, you can query:
$ delv example.com.registry.arpa OWNER
example.com.registry.arpa. 3660 IN OWNER "MEpnFkIk4sKW_oLPEl-R7WxFSAnWvgZnLYmRtn-3BkY"
You could put other stuff in there too, such as the start-date of the current registration... this is starting to sound like whois but structured and machine readable. Why on earth did that never take off!
An interesting related thing is the approach adopted by iSCSI, which constructs iSCSI Qualified Names (IQNs) by qualifying the domain name with the dates of registration.
So iqn.2003-05.com.example is a different identity to iqn.2021-01.com.example.
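The two ideas above (an opaque per-registration value and IQN-style date qualification) both amount to pinning a handle to one registration rather than to the bare name. The sketch below is an added example, not code from any post in this thread: it treats the proposed OWNER record type and the registry.arpa zone as hypothetical, as the post does, and the `HandlePins` class and the second token in the usage note are constructed for illustration.

```python
import re

# Presentation-format line for the hypothetical OWNER record proposed above.
OWNER_RR = re.compile(r'^(\S+)\s+\d+\s+IN\s+OWNER\s+"([A-Za-z0-9_-]+)"$')
IQN = re.compile(r'^iqn\.(\d{4}-\d{2})\.([a-z0-9.-]+)$')
ZONE = ".registry.arpa"  # hypothetical zone named in the post


def parse_owner_rr(line):
    """Return (domain, opaque_token) from one OWNER answer line."""
    m = OWNER_RR.match(line.strip())
    if not m:
        raise ValueError("not an OWNER record: %r" % line)
    name = m.group(1).lower().rstrip(".")
    if not name.endswith(ZONE):
        raise ValueError("record is not under registry.arpa")
    return name[: -len(ZONE)], m.group(2)


def parse_iqn(iqn):
    """Return (domain, registration_month) from an iSCSI Qualified Name."""
    body = iqn.lower().split(":", 1)[0]  # drop the optional ':target' suffix
    m = IQN.match(body)
    if not m:
        raise ValueError("not an IQN: %r" % iqn)
    # IQNs carry the domain reversed: com.example -> example.com
    return ".".join(reversed(m.group(2).split("."))), m.group(1)


class HandlePins:
    """Trust-on-first-use pin of a domain handle to one registration marker."""

    def __init__(self):
        self._pins = {}

    def check(self, domain, marker):
        if domain not in self._pins:
            self._pins[domain] = marker
            return "first-seen"
        # A different marker means the name changed hands: do not carry
        # the earlier registrant's reputation over to the new one.
        return "unchanged" if self._pins[domain] == marker else "changed-hands"
```

A community site would call `check()` on each login with the marker it just resolved; `"changed-hands"` is the signal to treat the handle as a new identity.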
1. Domains are guaranteed to be unique. We have global registrars and global DNS, it's not possible to have duplicate domains.
2. Don't utilize a domain that is shared by lots of people. There are also lots of DNS tricks (TXT records) to "pin" a user to a domain or whatever. If the domain is shared (for example a company website), you just add a TXT record denoting what private key is allowed to do things. Heck you could set up fine-grained permissions per key via TXT records.
2. Yes they can expire and that situation is detectable. How is this any different than Twitter or another service allowing re-use of a deleted username?
Of course domain names are unique... As long as BGP routes aren't poisoned or a million other issues. However, the issue mentioned in this thread isn't whether company ABC has abc.com but that 10 people at ABC can administer abc.com.
Twitter allowing reuse of deleted usernames is completely different than an existing domain that is used as an identity credential to represent different people over time.
This thread is not about whether domains can represent properties on the Internet but whether domains are valid for identification purposes of people as login credentials. They aren't valid, because a domain doesn't uniquely represent a person.
I think we should make some new TLDs that come with some validation guarantees. I.e., john-doe.nation.citizen is always a person who has an ID with the same “John Doe” issued by some government. The registrar is responsible for validating that. Once issued, the domain is never revoked - it’s yours forever, even after death. Maybe you subscribe to something for extra features, but the core identity can’t be recycled.
People don’t always want really strong ID like that though. So make other TLDs for other categories and give them different validation rules. Like .human could have some kind of biometric ID but no name. .blob could be a free for all, whatever.
But who are those for? I mean, I get what you're saying I just don't think it solves the issue. Sure, I could sign up for JoeRogan.biz and start posting using that handle, but I would also have to pay to hide the whois information.
All government agencies would have a verified .gov domain.
States have access to .gov domains.
Hell, my local town has a .gov domain.
States have access to domains like ca.us, schools in states have access to k12.ca.us domains.
I guess States could offer domains like, person.county.town.state.us but what a mouthful. Or maybe person.citizen.state.us but doesn't seem ideal either.
I guess you could have a verified TLD so you can have individual domains like johndoe.verified... but it takes away from the domain being linked back to my website. Sure I could set up a redirect but boy that's starting to get complicated.
I think domains are a fine barrier for entry for vanity handles. Current domain registrars could offer their own verification services where they can include the verification in the whois information.
If Joerogan.biz doesn't come back with some kind of verification string inside then it's not Joe's domain. That string could be a pubkey and services could allow for either encrypted posting or including an encrypted string that verifies against the domain's whois information.
Or that pubkey could be stored as a txt record in the domain.
You do realize that most names are far from unique, right? So what if someone can show that they own john-doe.nation.citizen - you still have no idea if that's the right John Doe. Wanting this identity to persist after death only means there will be even more collisions.
Why would you want your real identity tied to online persona? That doesn’t make a ton of sense.
That kind of thing is sometimes suggested as a solution to reduce online disagreements, but in fact it just escalates spitballings to murders and gang wars. Not great, in my opinion.