Handshake is a brand new blockchain that replaces the ICANN DNS root zone file. It actually starts off with the current root zone, and then extends it. Users can buy TLDs from the Handshake blockchain using an auction process, and register DNS records right on the chain. Handshake ships with a lightweight resolver written in C to make HNS requests available to underpowered machines.
It’s a very cool project, including a massive airdrop of coins to open-source internet citizens. Legacy DNS name owners in the Alexa top 100,000 have their names already waiting for them on chain, claimable with DNSSEC proofs.
We expect mainnet launch within the year.
I wanted to post about in this community because of the Purism dedication to opensource, privacy and decentralization. I think Handshake would be an awesome addition to the Librem line, including the Librem 5 (can’t wait to get mine!).
If anyone’s interested, I’d love to continue this discussion here about including Handshake DNS resolution in Librem products and decentralize the power under the exclusive control of ICANN!
If you wanna go down this rabbit hole, here’s a fat wad of resources:
This is the Handshake light client: https://github.com/handshake-org/hnsd
The new data structure called the “urkel” tree was designed with light clients in mind from the very start.
There is no hierarchy of authorities to governing the domain names, GNS zones are controlled by a private key. GNS is fully decentralized and stores that information in a DHT. The validity of the records is assured cryptographically, by signing them with the private key of the respective zone. So when we talk about the owner of a GNS zone, that’s really the owner of the private key. Queries and replies
are encrypted, an adversary can only perform a confirmation attack.
GNUnet is not trying to replace the current Ethernet TCP/IP system, because it can - but does not have to - run as an overlay network on top of the existing internet. The GNUnet transport system has several plugins for different protocols, like TCP, UDP, WLAN, Bluetooth and one could for example implement a plugin for packet radio.
GNUnet is not only a peer to peer network, but also a framework for applications using that p2p network. The GNU Name System is already an application on top of that framework.
Yes Handshake is an alternative DNS root zone secured by proof of work, it is a new blockchain where everything is streamlined and optimized just for DNS. If I ever get my phone (Evergreen, ordered April 2018) the first thing I’m going to do is try to compile hnsd: https://github.com/handshake-org/hnsd which is a Handshake light client written in C, using unbound as the recursive resolver.
You can not only “reserve” your own website name in GNS. You can do it for all websites, if you like, and you can give what ever name you like to that website.
Let say you create a root zone (Identity) on your own GNUnet peer named “alice”. Now you add a public A record to the zone with ip 195.54.164.39, and you call it “ccc”. You can now resolve your own record with “ccc.alice”.
Now you can give the public key of your root zone to Bob. He adds the public key into his root zone. Now Bob can resolve your record with “ccc.alice.bob”.
This part is clear to me.
The question is how you will prevent conflicting top-level domains if there is not one root zone? As I understand the biggest problem with TLDs is that to avoid conflicting domains you have to have one centralized root zone. And that’s where ICANN comes, but then it is problem that this centralized entity is the central fail point. And Handshake solves it by holding this one root zone file on multiple machines using a decentralized network, same as the Bitcoin network is holding an account list across multiple machines on a decentralized network.
If conflicting means not getting the same IP address when resolving with the same name depending on whom you ask, this problem boils down to whom you trust.
Remember that you also trust in all the players of the actual hierarchical DNS.
The main points of GNS are:
Censorship resistance
Query privacy
Secure name resolution
Compatibility with DNS
But GNS is not just meant to be an alternative for DNS!
Yes and the Handshake resolver has an ICANN “fallback” if a TLD is not in the HNS root zone, the resolver will check the ICANN root zone. I have HNS resolvers set up on all my devices including mobile. There has been no interruption at all with usual browsing and I get the advantage of HNS names. There is a potential conflict if ICANN ever issues more TLDs, that conflict with HNS names. The default behavior in the HNS resolver is to “prefer” the HNS name, but this can be adjusted by the user.
