Handshake is a naming protocol that’s backwards compatible with the existing DNS. It does not replace the DNS protocol, but it replaces the root zone file (where TLD ownership is stored) and the root servers with a distributed and decentralized blockchain-based system that anyone can use. This allows the root zone to be uncensorable, permissionless, and free of gatekeepers like the ICANN which manages the root zone today.
Every peer in the network cryptographically validates and manages the root zone, which also removes the need for the Certificate Authority system (CAs) entirely. Names are logged on the Handshake blockchain — essentially one big distributed zone file that anyone has the right to add an entry in.
Existing TLDs like .com, .net, .org are blacklisted from being registered on the network and Handshake resolvers use traditional TLDs as the source of truth when you visit a traditional domain like namebase.io. Naturally, the Handshake resolvers use the Handshake blockchain as the source of truth when you visit a Handshake domain like welcome.nb/.
Current domain registrar have built their business on a leasing model, charging website owners an annual recurring leasing fee to rent a subdomain from the registrar's top-level domains (TLDs). These fees are subject to price hikes for most TLDs and recently ICANN was in the spotlight for approving a deal that would remove price caps from protected TLDs like .org.
ICANN, the centralized entity that manages the root zone today, determines what top-level domains — like .com, .net, .org — are allowed. ICANN requires a $185,000 USD application fee to request a new TLD and applications for new TLDs are currently closed, which artificially limits the availability of good domains for website owners and developers.
Browsers trust certificate authorities to prove that websites are who they say they are. However, certificate authorities have sometimes compromised the security of SSL by issuing bad certificates or cooperating with governments to spy on and censor traffic. Insecure websites put everyone at risk. Vint Cerf, the “Father of the Internet,” expands on this in his article about self-authenticating identifiers.
The current centralized nature of internet names results in a potential loss of privacy and censorship. Even if your domain registrar offers WHOIS protections, your information can still be subpoenaed from a domain registrar. Governments and ISPs commonly use DNS filtering and redirection to censor domains. ISPs on the other hand often monetize personal DNS data by selling your web browsing history.
Handshake domains can be truly owned with no renewal fees. Domain owners have complete control over their data and can use their TLDs for anything — from simply hosting a website to becoming a registrar that sells subdomains to other users. Also since governance on Handshake is truly decentralized, no one person or entity can make a governance decision that would impact domain owners or the network the same way in which the ICANN deal could for .org domain owners.
Handshake domains are TLDs that anyone can register, not just ICANN. They can be used like a traditional TLD (i.e my.home/) or simply by themselves as a standalone name (i.e home/). Not only that, but they can also consist of any characters including Chinese (i.e. my.家/), Russian (i.e. my.домой/), and even emojis (i.e. my.🏡/)!
Handshake shifts requiring trust in domain ownership from centralized, potentially insecure Certificate Authorities to a public commons that anyone can use for secure name resolution and certificate ownership.
Handshake ensures DNS records can only be modified by a domain’s owner. This ensures Handshake domains can’t be censored or maliciously redirected. Registering a Handshake domain respects the privacy of the owner by requiring no personal data during registration. Ownership of names are determined by public-key cryptography, so it’s easy to verify name owners by having them sign a message with their private key.