(This is Part VI of Eric Rescorla series on DNS Security )
.... The main advertised advantage for blockchain-based systems is censorship resistance. The first thing that Namecoin lists as it's value proposition is "Protect free-speech rights online by making the web more resistant to censorship." Similarly, ENS advertises itself as "Launch censorship-resistant decentralized websites with ENS.". The answer to the question of whether these systems are more censorship resistant is "sort of". As we saw before, there are two primary ways to censor a domain name in the DNS (1) legally/administratively take over the domain itself (2) block the domain name resolution process. We need to look at these independently.
It's far from clear that these are actually good properties to have, for two reasons. First, if you lose your signing key you have effectively lost your domain, which seems like a terrifying prospect if you're the person in charge of cisco.bit. You certainly don't want to be like that guy who had 220 million dollars locked up in a Bitcoin wallet that you've lost the password for. Second, while it may seem like a good property that nobody can take your correctly registered domain away from you, it also means that if someone registers a domain for a trademark you own then you can't take it away from them, which is obviously less desirable. Given the importance of the UDRP for the existing domain name system, I have a hard time seeing most big company wanting to participate in that kind of a system, given the risk that they will be unable to protect their trademarks ...
read more
.... The main advertised advantage for blockchain-based systems is censorship resistance. The first thing that Namecoin lists as it's value proposition is "Protect free-speech rights online by making the web more resistant to censorship." Similarly, ENS advertises itself as "Launch censorship-resistant decentralized websites with ENS.". The answer to the question of whether these systems are more censorship resistant is "sort of". As we saw before, there are two primary ways to censor a domain name in the DNS (1) legally/administratively take over the domain itself (2) block the domain name resolution process. We need to look at these independently.
Domain Takeover
How resistant this kind of system is to domain takeover depends on the name allocation and reassignment policy. The simple first-come-first-served system I described above really is more resistant to takeover by governments or by anybody else. The ledger enforces ordering and so there's just no external mechanism to transfer a name from someone to someone else. The system of course needs a mechanism to do transfers, but that's done by having the original owner sign the a transfer and that means you need the owner's private key, which the government or ICANN wouldn't have.It's far from clear that these are actually good properties to have, for two reasons. First, if you lose your signing key you have effectively lost your domain, which seems like a terrifying prospect if you're the person in charge of cisco.bit. You certainly don't want to be like that guy who had 220 million dollars locked up in a Bitcoin wallet that you've lost the password for. Second, while it may seem like a good property that nobody can take your correctly registered domain away from you, it also means that if someone registers a domain for a trademark you own then you can't take it away from them, which is obviously less desirable. Given the importance of the UDRP for the existing domain name system, I have a hard time seeing most big company wanting to participate in that kind of a system, given the risk that they will be unable to protect their trademarks ...
read more
