TACK has the advantage to work in the current infrastructure (with some patches): it's a point that should not be ignored if you want wide acceptance.

I wonder whether there is any meaningful difference between the effort it would take to implement TACK securely in a way that doesn't involve paying what amounts to protection money, and the effort required to use a blockchain-based solution.

It wouldn't surprise me in the slightest if the blockchain-solution were actually simpler to implement and deploy. Fetching public key fingerprints involves a single HTTP request that returns some JSON. That's about it.

Don't we still have to then trust whoever is hosting the server returning the json? I guess you could verify with multiple servers, but that doesn't really guarantee anything and increases the requests.

The other option is to a full namecoin client with an up to date chain, correct?

> Don't we still have to then trust whoever is hosting the server returning the json?

It's assumed that you find yourself (or a close friend) trustworthy.

DNSChain is designed to be run by individuals, with no powerful deciding authority (like browser vendors) deciding who you should trust (as with CAs today).

Today, you trust the least trustworthy of hundreds of organizations that you've never heard of.

With this proposal, anyone is free to trust whoever they want, and they can change that instantly without any browser updates or anything along those lines. It's about as trustworthy as you can get.

There are also other reasons (besides authentication) that a blockchain-based architecture is desirable for the Internet:

- real-ownership of domain names (free of political pressures that result in domain-seizures)

- a powerful, global identity system (not run by any government or mega-corporation)

Some concepts & partial implementation: http://okturtles.com/#open-source

Blockchain protocols: the Ron Pauls of distributed systems design.

Replacement of DNS with a blockchain protocol is never going to happen. It's hard enough to talk DNS operators out of baking the CA system into DNS, despite the utter inapplicability of DNS to that problem. DNS has a fierce, powerful status quo advantage.

If you believe strongly that blockchains are going to be the future of global networking, a better plan would be to build a system that ignored the DNS and used a blockchain protocol instead. For instance: the DNS doesn't play any role in matching Google search terms to SERPs, nor does it control how AIM matches names to IM accounts, nor does it control how IRC matches nicks to receivers.

Forklifting out giant chunks of the Internet is a bad plan. Deprecate the Internet and build a new layer on top of it. Eventually, TCP/IP will find itself in the same role as Ethernet; it's inevitable.