[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Jerry Leichter
leichter at lrw.com
Thu Apr 24 19:06:06 EDT 2025
> Blockchain, for all its "horrendously energy-intensive, storage and bandwidth hungry" resource usages, guarantees that the resource records are in fact those desired by the holder(s) of the private key of said name.
>
> Even with DNSSEC, to be clear, there are still other actors who can do things (who controls your tld, not you right?).
>
> By moving this last root level of trust to a consensus blockchain, you get true p2p authentication with no outside actors in the provenance of verification/chain of trust.
This is magical thinking. Blockchain guarantees that everyone gets the same view of the data. It cannot possibly guarantee that that view of the data is _correct_. That is: I own lrw.com. So I am the only one who can propose a change to lrw.com's hypothetical entry in the blockchain and have that change accepted. But ... who am *I*? What's to prevent *you* from proposing a change to lrw.com's blockchain entry and having it accepted? My own identity has to be established first. Who do I establish it with? How? If someone does manage to steal my identity (presumably it's some kind of private key, and we know that those get stolen) who would I appeal to to get ownership back again?
"Blockchain" is one component of the whole system. It doesn't solve every problem. (Arguably it hasn't actually managed to solve _any_ interesting problems.)
-- Jerry