
Handshake is a naming protocol that’s backwards compatible with the existing DNS. It does not replace the DNS protocol, but it replaces the root zone file (where TLD ownership is stored) and the root servers with a distributed and decentralized system that anyone can use. This allows the root zone to be uncensorable, permissionless, and free of gatekeepers like ICANN, which manages the root zone today. Handshake users can register any name they can think of as a TLD and truly own it, as opposed to renting domains in the ICANN system.
Every peer in the network cryptographically validates and manages the root zone, which also removes the need for the Certificate Authority system (CAs) entirely. Names are logged on the Handshake blockchain — essentially one big distributed zone file that anyone has the right to add an entry to.
Existing TLDs like .com, .net, .org (and the top 100k Alexa names) are blacklisted from being registered on the network, and Handshake resolvers use traditional TLDs as the source of truth when you visit a traditional domain like Namebase.io. Naturally, Handshake resolvers like NextDNS.io use the Handshake blockchain as the source of truth when you visit a Handshake domain.
Basically, traditional DNS has been the single trust root for securing the internet. Now with Handshake, there’s an alternative to traditional DNS for a more collaborative decentralized network. Anyone who wants the ultimate freedom for domain extensions, outright ownership of a TLD (top-level domain), and the removal of a Certificate Authority system should look into getting a Handshake TLD.
Handshake was created with this freedom in mind. Handshake began as a piece of software meant to provide a decentralized base layer for the internet, in contrast to DNS, which has become more centralized since the 1990s. With the Handshake software comes the Handshake TLD — the naming system powered by users and Handshake’s cryptocurrency (HNS).

Unstoppable and private
With the Handshake protocol, you enjoy true decentralization, with no official singular Foundation, Committee, Corporation, or entities in permanent unitary control of the protocol.
Even though DNS is infrastructure that the entire world relies on, only a few organizations at the top of the hierarchy control it. The centralized nature of internet names makes it trivial for governments and institutions to censor websites and content through DNS filtering and redirection, by not allowing the recursive server to find the intended domain names. Turkish citizens were banned from Wikipedia for almost 4 years and are still blocked from the encrypted email provider ProtonMail. Iran recently censored Facebook and Twitter before shutting off their Internet entirely, and the services blocked in China are legion, including Facebook, Twitter, and Google.
The current centralized nature of internet names also results in a loss of privacy. Even if your domain registrar offers WHOIS protections, your ownership information is stored in centralized databases which can still be subpoenaed from a domain registrar. This makes it difficult for people to create politically sensitive websites without compromising their safety. Malicious actors spy on and tamper with your browsing activity, and DNS providers, including ISPs, collect and sell that web browsing history. As a workaround, people resort to VPNs and centralized resolvers like Cloudflare’s 1.1.1.1 which can be shut down at any time (and still require trusting the resolvers themselves).
Uncensorable
Handshake ensures DNS records can only be modified by the name’s owner, which prevents Handshake domains from being censored or maliciously redirected. Handshake DNS data is distributed across all the nodes in its blockchain network instead of a single centralized server. As long as you can connect to any node in the distributed network, you’ll be able to resolve Handshake names, making Handshake names near-impossible to censor.
Privacy preserving
Registering a Handshake domain respects the privacy of the owner by requiring no personal data during registration. Ownership of names is determined by public-key cryptography, so it’s easy to verify name owners by having them sign a message with their private key. Since privacy is a core feature of Handshake names, New Dawn Domains does not charge a yearly fee to keep ownership details private. There is no recurring annual fee or any other related fees to keep your information away from the solicitors, and there is no WHOIS lookup or any other public database where ownership or contact information is exposed.
It is possible to register Handshake domain names on New Dawn Domains completely privately without revealing any information.
A more secure internet
Browsers trust certificate authorities to prove that websites are who they say they are. However, certificate authorities have sometimes compromised the security of SSL by issuing bad certificates or cooperating with governments to spy on and censor traffic. Insecure websites put everyone at risk. Vint Cerf, the “Father of the Internet,” expands on this in his article about self-authenticating identifiers.
Your browser encrypts traffic to websites using TLS (Transport Layer Security), which relies on public key cryptography. Public key cryptography is a method of asymmetric encryption using a pair of keys: a public key and a private key (as opposed to symmetric encryption with only one key). The public key is shared publicly and is used to verify signatures. The private key is used to decrypt messages encrypted by the public key. The private key is never shared.
When the browser makes an HTTPS request to Google, it initiates a TLS handshake with Google and receives Google’s public key. The browser then uses Google’s public key to verify that the rest of the messages in the TLS handshake are initiated by Google, because only Google has the private key for its public key. This way, even if intermediate networks spy on the request, they won’t be able to decrypt the contents of it. If an intermediary routes the request to another server pretending to be Google, the browser will know because that server won’t be able to respond to the request.
How do you know that Google’s public key is actually Google’s public key? When you make that first request to Google, an intermediate network may have intercepted your request and returned a fake public key for Google. Certificate authorities (CAs) attempt to solve this problem. CAs are trusted third parties that verify the authenticity of public keys for websites. Your operating system ships with a list of vetted CAs by default, and when a website wants to support HTTPS requests, they register their public key with the vetted CAs. You verify that the public key you receive from Google is truly Google’s public key by checking it with your CAs.
There are hundreds of CAs installed on your computer by default — Microsoft Windows comes with 390 certificates, and Mac OS X comes with 170 certificates — all of whom you must trust in order to browse the web “securely”, and even more intermediaries that they delegate trust to. If even a single one of these entities acts maliciously or gets hacked, then all of your HTTPS internet browsing traffic is compromised and vulnerable to MITM attacks. In the DigiNotar attack, the Iranian government hacked a Dutch CA and used it to MITM 300,000 Iranian citizens.
Replacing CAs
Handshake names are their own root of trust and have their TLS keys pinned to them. Rather than relying on an arbitrary centralized list of hundreds of certificate authorities to verify public key authenticity, Handshake makes it possible for anyone to verify key authenticity by shifting the root of trust to a cryptographically-backed distributed root of trust — its blockchain. Instead of a single bad certificate authority compromising your security, the entire Handshake blockchain would need to be compromised in order to compromise your security.
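The pinning described above, as an added example (not from the original page or from Handshake's own code): it assumes the pin is published with the name as a DANE TLSA record of the form `3 1 1 <SHA-256 of the public key>`, which the page does not spell out. `newCert`, `pinFor`, `tlsaMatch` and the name `shop.example` are made up for the illustration, and the certificates are generated on the spot as sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// newCert returns a throwaway self-signed certificate (constructed sample input).
func newCert(name string) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // a nil key makes CreateCertificate fail below
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // der was just produced by CreateCertificate
	return cert
}

// pinFor builds the "3 1 1" record a name owner would publish for cert.
func pinFor(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "3 1 1 " + hex.EncodeToString(sum[:])
}

// tlsaMatch reports whether the key in a presented certificate matches the pinned record.
func tlsaMatch(cert *x509.Certificate, record string) bool {
	f := strings.Fields(record)
	if len(f) != 4 || f[0] != "3" || f[1] != "1" || f[2] != "1" {
		return false // only "3 1 1": end-entity pin, public key, SHA-256
	}
	want, err := hex.DecodeString(f[3])
	got := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return err == nil && subtle.ConstantTimeCompare(got[:], want) == 1
}

func main() {
	owner, imposter := newCert("shop.example"), newCert("shop.example")
	record := pinFor(owner)
	fmt.Println(record, tlsaMatch(owner, record), tlsaMatch(imposter, record))
}
```

The second certificate carries the same name but a different key, so it fails the pin even though no certificate authority is consulted for either one.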
FAQ
How do I use these domains?
You can register any domain name you’d like under any of the TLD extensions we offer for your website, email, blog, cryptocurrency wallet address, etc. but you will need to take a couple of extra steps at first to get things set up. We are optimistic that blockchain domains like the ones we have for sale will lead to a new paradigm for the Internet where domain owners have full ownership over their domain names.
As of May 2021, you can now create a decentralized blog through WordPress that’s accessible through Handshake, stored on Skynet, and backed up by Akash! Here is a guide for how to do exactly that. There is also another way to install and run a decentralized WordPress blog using your Handshake domain name you can consider.
How do I access these domains?
There are several ways to access decentralized Handshake domains. Here is a list, along with instructions, to get you accessing these domains in no time. In the future, you will likely be able to resolve these decentralized domains by simply typing them into a browser like Brave like you do now for legacy domain names.
How do I buy a domain?
Looking to buy a domain on the new decentralized internet? We’ve got you covered! New Dawn Domains is one of the few registrars currently selling blockchain domains. We plan to have an ever-increasing collection of high-quality TLD extensions to choose from to register your new domain name under.
- Decentralized Handshake domains get registered manually, which we will do for you to make the process easy for you.
- We will guide you through this still very new peer-to-peer decentralized internet domain registration process.
- Our support team is available to you whenever you have any questions.
All of the domain extensions we have are built on the Handshake DNS. Since they are outside ICANN standard DNS protocols, they use the Handshake blockchain as the root DNS zone and require a special confirmation change in order for the domain to resolve. Recently, it has become even easier to access Handshake domains using these instructions.
Head here for a list of TLDs you can buy a domain name under from New Dawn Domains.
Join the decentralization revolution
New Dawn Domains is committed to helping humanity shift from being reliant on centralized systems towards decentralized alternatives. Handshake domain names are one of the best ways you can be a part of the decentralization revolution. With the internet more popular and relied upon than ever, along with censorship being increasingly rampant, now is the time to make the shift to having your websites on the decentralized internet.