DNS and the

Future of Authenticity

Indolering • 2015

Significant security benefits for traditional domains:
- Prevents range of MITM attacks.
- Application level encryption (HTTPS, SSH, GPG, ...).
- Network level encryption (TCPCrypt).
DANE/TLSA >= CA Certs
Key pinning and triangulation (e.g. TACK, Convergence, WoT) can be applied to DNSSEC.
Vital to decentralized DNS:
- Universal interface for communicating cryptographic information.

Released in 2011, development stalled 2012-2014.
2014:
- Transition development team.
- Overhaul infrastructure.
- Lost lead dev to brain stroke.
- Libcoin "rebase" attempt.
2014 - 2015:
- Reimplemented on mainline Bitcoin.
- Maintaining parity.
- Migrating to Armory for domain management.
- Standards, etc.

Dynamic Domain Pricing
- Secure against censorship attacks without relying on external information.
- Improve flexibility when reliable external information is available.
Lightweight Name Resolvers
- Block headers and coinbase commitments.
- <100 MB of local storage, ~256K daily download.
- Trustless, no need to check multiple peers.
- 51% attacker trick a lightweight resolver into accepting an old (but previously valid) DNS record for a couple hours every few weeks.

Different security and censorship parameters.
- Remove bad actors.
- Delegates introduce liability concerns.
.P2P Basically Dead
- Diverted funding to core development.
Possible avenue for commercialization.

DNSSEC is coming!
- Makes everything more secure.
- DANE will lead to the collapse of CA's.
- Money will pour into DNS managed services.
Namecoin's architecture is ideally suited for DNS.
- Hard part isn't creating a key value datastore.
- Sharing codebase & miners with Bitcoin improves security and censorship resistance.
- Needs funding, volunteers, and support from academia.