A logical next step towards a new, more secure Internet is to remove any central points of trust from the core of the Internet. Following the trust-to-trust principle, DNS and PKI functionality for end-hosts should exist near the edges of the network and not in the core. In the figure above, DNS and PKI functionality is provided in local area networks trusted by end-hosts.
Pushing Trust to the Edges:
The trust-to-trust principle sounds great in theory, but can there be a real-world implementation for it? The answer is yes.
Let's imagine a server that provides DNS and PKI functionality and runs in a (local) network you trust. This server needs two things:
- Decentralized Consensus: Ability to reach consensus with the rest of the network about the global state of the DNS and PKI system.
- Tamper Proofing: Mechanism to ensure that data records in the DNS and PKI system cannot be easily tampered with.
Blockchains are great at providing both these properties; nodes can independently reach consensus and tampering with data records requires an enormous amount of compute power. It's not surprising that blockchains have been used to implement decentralized DNS and PKI systems, e.g., Namecoin and, more recently, our work on Blockstack.
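The two properties listed above, as an added example that is not Blockstack's or Namecoin's code and does not use the Bitcoin block format: a simplified hash-chained log of name-to-key records that any edge server can replay to derive the same table, and that rejects an edited record unless every later block is re-mined. The toy difficulty target, the first-registration-wins rule, and all names and key labels are assumptions made for illustration.

```python
import copy, hashlib, json

GENESIS = "0" * 64
TARGET = "00"  # toy difficulty (assumption) so the demo runs instantly

def block_hash(prev, record, nonce):
    body = json.dumps({"prev": prev, "record": record, "nonce": nonce}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def mine(prev, record):
    """Search for a nonce that meets the target: the compute cost of writing a record."""
    nonce = 0
    while not block_hash(prev, record, nonce).startswith(TARGET):
        nonce += 1
    return {"prev": prev, "record": record, "nonce": nonce}

def build_chain(records):
    chain, prev = [], GENESIS
    for record in records:
        block = mine(prev, record)
        chain.append(block)
        prev = block_hash(**block)
    return chain

def replay(chain):
    """Check every link and its work, then derive the name -> key table.
    Every honest node applies the same rule (first registration wins)."""
    names, prev = {}, GENESIS
    for i, block in enumerate(chain):
        digest = block_hash(**block)
        if block["prev"] != prev or not digest.startswith(TARGET):
            raise ValueError(f"block {i} fails verification")
        names.setdefault(block["record"]["name"], block["record"]["pubkey"])
        prev = digest
    return names

# Constructed sample records; names and key labels are made up.
RECORDS = [
    {"name": "alice.example", "pubkey": "pk-alice"},
    {"name": "bob.example", "pubkey": "pk-bob"},
    {"name": "alice.example", "pubkey": "pk-late-claim"},  # ignored: name already taken
]

if __name__ == "__main__":
    chain = build_chain(RECORDS)
    print(replay(chain))
    forged = copy.deepcopy(chain)
    forged[0]["record"]["pubkey"] = "pk-forged"
    forged[0] = mine(GENESIS, forged[0]["record"])  # redo the work for block 0 only
    try:
        replay(forged)
    except ValueError as err:
        print("rejected:", err)  # later blocks no longer link; all must be re-mined
```

With a real difficulty target, redoing the work for every block after the edited one is what makes rewriting an old record expensive.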
How Blockstack Works:
Blockstack implements a decentralized DNS and PKI system as a separate layer on top of the Bitcoin blockchain. You can install it by:
$ sudo pip install blockstack
By default the CLI talks to a remote server: