How to make the IC a decentralized Certificate Authority and providing a decentralized DNS on the IC.
How Threshold ECDSA works in solving the problem of on decentralized DNS and decentralized certificate authority?
I’m eager to know the details.
I think we need to respond.
Thank you very much!
Technical IC authorities should adress all the concerns in this guys article:
Their understanding of the current state of domain support on the IC is a bit outdated, but I see no issue with their approach of shipping a custom browser that supports decentralized DNS options. It would be neat to have partnerships with browsers that support direct connections to canisters and can natively verify the certificates of assets without requiring a serviceworker
Can it be compromised? In the screenshot above you can also see that the name servers are managed by Cloudflare. And it’s not just the problem with IC only, you’ll find that a lot of other “web3” projects use Cloudflare to proxy their IPFS requests, sliding into a false sense of security, until they regret it. You can read a story here how BadgerDAO users have lost $130M because they relied on Cloudflare and it got compromised.
If hackers could do it, no doubt government agencies can go to Cloudflare and order them to change the output from a certain canister, to either say that the website has been suspended, or adding a scam page tricking the user to give up their seed phrase, or just add certain scripts quietly exfiltrating all information on the dApp. They can even do that selectively for specific targets, so that other IC users won’t even know it and won’t be able to verify the threat, even if it someone notices something.
Is this part still true?
Thank you and @bjoerntm very much for your patient and detailed help in your busy schedule!