Tutorial 5: Difference between Handshake domains and traditional domains
Understanding the core principles that make blockchain based naming protocols different from traditional domains
In this tutorial we will cover the fundamental differences between Handshake domains and traditional domains. But before we dive into drawing comparisons to the traditional domains, let’s take a step back and look at the history of bitcoin and the emergence of blockchain based naming protocols.
The crypto monolith
The Bitcoin proof of concept emerged during the last financial crisis in the United States, an event that impacted the global markets and economy. Ever since the first genesis block was mined, we have seen a massive shift in the way money moves around the globe. Before bitcoin, the traditional means of sending money cross border or locally were through a bank or money transfer services. Banks on one hand have longer settlement times with transaction fees for sender and receiver. Meanwhile money transfer services provide faster settlement with significantly higher fees. Bitcoin and its ledger blockchain solved this by providing a way for anyone around the world to financially interact with each other without any intermediaries. The intermediaries were the main reason for the high costs and slow transaction times.
Fast forward a decade later, we live in a world where two people can transact without any intermediaries while saving time and money. The risks of price volatility have been addressed through the emergence of stable coins. This is bringing more retail users into the crypto finance ecosystem.
With this history in mind, let’s transition to traditional domain names. For as long as mainstream internet has existed, the governance of internet names (DNS) has been controlled by ICANN, an organization tasked to issue top-level domains (TLDs). As with most centralized governance systems, there are disadvantages of a centralized group of people having so much control over the internet naming distribution.
In this tutorial we will cover a few important areas to compare Handshake to the traditional domains, along with the impact of ICANN’s role as a centralized governance authority.
The aim of the first section is to help you familiarize yourself with the DNS hierarchy. This will help in understanding how Handshake works.
Handshake is the only protocol that works to replace the ICANN root server. By doing this, the resolvers point to an authoritative name server configured to the blockchain rather than ICANN’s root zone file. This enables Handshake to issue new TLDs that live on top of existing DNS. Any owner of Handshake domain names gets a cryptographic key which provides the owner the ability to create signatures signed by the owner’s key. This creates a trustless system that does not rely on Certificate Authorities, minimizing the risk of bad actors creating redirects, phishing attacks and spying on your traffic.
Conventionally, root zones add up all of the TLDs into a root zone file. The root zone file is a text-based document that captures website names with IP addresses. ICANN (gatekeeper) manages and distributes this file. The goal for Handshake is to essentially replace ICANN with a distributed, decentralized process. become ICANN but in a decentralized process. All of the full node peers within handshake would essentially be a root server which would serve the root zone file. Finally, Namebase is integrating with Handshake, which would allow anyone to purchase a TLD or be their own domains registrar. A TLD today requires a $200,000 application fee to ICANN (may or may not get approved), on top of an auction fee which can cost millions. On Handshake however, anyone can bid on a Handshake TLD without a fee and win it through the decentralized auction process.
Why on the blockchain?
Blockchains enable us to store information on millions of devices globally. With the right consensus models, naming protocols can avoid the need to trust back-end servers to resolve queries. This has a huge security benefit. By resolving the immutable blockchain, we can avoid DNS censorship attacks and ensure that internet users land on the web pages they intended to visit.
By now you have an understanding of the DNS hierarchy and the way Handshake protocol works within that architecture. Let’s get deeper into how Handshake is different from traditional domain names.
Today if you want to buy a domain, you’d go to a website like GoDaddy or Google Domains to search and buy a domain name for your preferred TLD. After a few searches, you may find a name that is available but likely due to the competitive naming space, you’ll end up with a less desirable sub-domain. You may end up seeing a domain name you like but in order to see the price, you must go through a broker. When you reach out to a broker, to your surprise, the fee for purchasing the domain may be in hundreds of thousands of dollars. Say you have all the money in the world and you decide to go through this broker and purchase the domain name. What will be unclear is who you bought it from, what your broker paid for it and did you pay the best price. This entire process remains a blackbox and is very inefficient.
How is this different on Handshake
Handshake has an auction based marketplace where anyone can bid on an available name. The person with the highest bid gets to own the name. In this scenario, everyone in the marketplace can transparently see the bidding activity on the platform.
What about Pricing?
In traditional domain registrars, the less desirable (or searched for) names can be bought at a marketplace price. Typically the marketplace price is determined by the registrar based on their promotions. For more desirable names (determined by the number of searches), the process can be a bit of an arbitrage. This is where brokers come in and charge high fees to negotiate a price with the seller. A domain that you could have purchased for $1000 might end up costing you an additional couple hundred dollars based on broker’s fee.
How is this different on Handshake?
The pricing for Handshake TLDs is determined by what bidders are willing to pay for it. Once a domain is released on the blockchain, anyone can start bidding with a minimum bid. It’s possible that you don’t have a competing bid and you’re able to secure the domain at your lowest bid. If there are no other bids, you don’t pay anything for the domain name. It gets better when you are bidding on a name that is more popular. Rather than having an intermediary charge a broker fee, you can bid directly against the highest bidder and see the market activity to determine the true (or potential) value of the domain. Naturally when you don’t have an intermediary charging a middleman fee, buyers benefit by not having to pay commissions..
Renewal fees and ownership It’s important to understand that when you buy a traditional domain, you are hooked to pay the domains registrar a renewal fee each year. This is a fee to maintain ownership of your domain name. The renewal fees are subject to change and often times driven by ICANN and then the registrars. So with traditional domains, you don’t truly own them – you are simply leasing it. Remember the ongoing .org fiasco from a few months ago which started with ICANN removing price caps on a protected TLD.
How is this different with Handshake
Handshake domain names provide true ownership. Which means there are yearly renewal fees*. Handshake TLD owners maintain full ownership since the DNS records are on-chain, making them seizure-resistant and tamper-resistant.
*TLD owners do need to submit a renewal transaction to prove they still have access to their key, but if you use Namebase then our system does this automatically for you.
When using traditional domains and registrars, domain owners have the option to pay for different levels of privacy. These options are priced based on a yearly fee that ranges between $9.99 - $20/yr. However, most of these products don’t entirely protect the owner's identity. Solicitors can source the domain owners contact information using WHOIS lookups and other affiliate databases. The ownership data is also stored in centralized databases, subject to government requests.
How does Handshake protect the privacy of domain owners
Since privacy is a core feature of Handshake names, Namebase does not charge a yearly fee to keep ownership details private. There is no recurring annual fee or any other related fees to keep your information away from the solicitors. And there is no WHOIS lookup or any other public database where ownership or contact information is exposed.
Censorship In traditional domains, governments and state actors can decide to block websites and content by not allowing the recursive server to find the intended domain names. Take Turkey for example which banned wikipedia for almost 4 years. Or the recent internet shutdowns in India. In today’s infrastructure, governments and ISPs have the control on what people can access online. If a website is accidently determined to be harmful, the ISPs can block it, and domain registrars can seize the domains. The process to reinstate ownership is painful and costly.
How is this different on Handshake? Handshake DNS data is distributed across all the nodes in its blockchain network. As long as end-users can connect to a single node in the distributed network, the end-users will be able to resolve Handshake names. This makes Handshake DNS very difficult to censor as opposed to traditional DNS.
Security In traditional DNS, the root of trust for HTTPS is supported by Certificate Authorities. There are thousands of Certificate Authorities that you need to trust in order to browse the web securely, and even more intermediaries that they delegate trust to. If even a single one of those third parties act maliciously or get hacked, then all of your internet browsing is compromised.
How is this different on Handshake? Handshake shifts the root of trust from centralized Certificate Authorities to a distributed root of trust based on the blockchain. Instead of a single bad Certificate Authority compromising your security, the entire Handshake blockchain would need to be compromised in order to compromise your security. Improving security on the Internet is actually one of Handshake’s main innovations. It’s a rather nuanced topic, so to develop a better understanding of how security works in traditional DNS and how Handshake improves it, we recommend reading the following article: Meet Handshake: Decentralizing DNS to Improve the Security of the Internet
How do I get started using Handshake There are numerous ways to use Handshake (fullnodes, command-line interfaces, etc). We created Namebase to make Handshake incredibly easy to use. You can buy HNS, use your HNS to bid on Handshake names, and use your Handshake names all through Namebase. Of course, you can always withdraw your Handshake names to store yourself outside of Namebase as well. Get started by buying HNS
This brings us to the end of our tutorial 5. We hope you enjoyed learning and reading about the differences between traditional domains and Handshake. Keep a lookout for our next tutorial. If you’d like to see our previous tutorials, please refer to the links below.