It’s become clear that strong subdomain ownership does not require a hard fork.
For those who are new to this concept, it’s a model where domains can permanently, cryptographically delegate subdomains to particular keys, relinquishing their ability to revoke the names or change the name resolution details.
We can actually do this today with a special indexer & resolver endpoint and without any changes to the core protocol.
We can do this by having two zone file records for each subdomain: a resolution record and a key delegation record.
- The resolution record can be an A record, a CNAME record, or a URI record and instructs a resolver on how to resolve the name.
- The delegation record can be a TXT record that (a) references a public key to delegate all future updates to and (b) includes a signature that authorizes delegation from the parent public key.
- Each resolution record should include a signature from the current public key that “owns” the subdomain entry.
- The name resolution endpoint should map to the end of a delegation chain from the original parent key.
The weird thing here is that with this model, each name-specific zone file chain starts to look like its own blockchain, where the ownership history of each subdomain follows a chain of something akin to UTXOs.
The one limitation here is that the domain name owner would be able to censor updates to the subdomain. We could make a few changes to the model to avoid this but it would increase the complexity of the system somewhat. It would involve treating each zone file as a pack or tree of updates to subdomains, even to subdomains that are sub-delegated from other domains.
Once again, we can be confident in the security of the delegation even though the ownership pairings of the subdomains are not represented in the consensus hash. All of the zone file hashes have already been attested to and so we have a pre-defined, agreed-upon list of updates and a static trusted chain of delegation.
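A sketch of how an indexer could walk such a delegation chain, added here as an illustration and not taken from the proposal or any existing resolver. The record fields (`type`, `name`, `value`, `sig`), the Ed25519 choice, the sequence number bound into each signature, and all helper names are assumptions; the sample names and URLs are constructed.

```javascript
const nodeCrypto = require('crypto');

const newKey = () => nodeCrypto.generateKeyPairSync('ed25519');
const pubHex = (k) => k.publicKey.export({ type: 'spki', format: 'der' }).toString('hex');

// Bytes covered by a signature. seq (assumed field) pins the record to one
// position in the chain so an old signed record cannot be replayed later.
const payload = (r, seq) => Buffer.from(JSON.stringify([r.type, r.name, r.value, seq]));

function signRecord(key, r, seq) {
  const sig = nodeCrypto.sign(null, payload(r, seq), key.privateKey).toString('hex');
  return { ...r, sig };
}

function verifyRecord(ownerHex, r, seq) {
  try {
    const pub = nodeCrypto.createPublicKey({ key: Buffer.from(ownerHex, 'hex'), format: 'der', type: 'spki' });
    return nodeCrypto.verify(null, payload(r, seq), pub, Buffer.from(r.sig, 'hex'));
  } catch (e) {
    return false; // malformed key or signature: treat as unsigned
  }
}

// Walk records in their attested zone file order. Only the current owner's
// signature is accepted; a TXT record hands ownership to the key in value.
function resolve(parentHex, records, name) {
  let owner = parentHex, target = null, seq = 0;
  for (const r of records) {
    if (r.name !== name || !verifyRecord(owner, r, seq)) continue;
    if (r.type === 'TXT') owner = r.value; // key delegation record
    else target = r.value;                 // resolution record (A, CNAME, URI)
    seq += 1;
  }
  return { owner, target, accepted: seq };
}

// Constructed history: parent -> alice -> bob, with two stale-owner updates.
function demo() {
  const parent = newKey(), alice = newKey(), bob = newKey(), name = 'alice.example.id';
  const records = [
    signRecord(parent, { type: 'TXT', name, value: pubHex(alice) }, 0),
    signRecord(alice, { type: 'URI', name, value: 'https://alice.example/profile.json' }, 1),
    signRecord(parent, { type: 'URI', name, value: 'https://parent.example/override' }, 2), // rejected
    signRecord(alice, { type: 'TXT', name, value: pubHex(bob) }, 2),
    signRecord(alice, { type: 'URI', name, value: 'https://alice.example/late.json' }, 3), // rejected
    signRecord(bob, { type: 'URI', name, value: 'https://bob.example/profile.json' }, 3),
  ];
  return { result: resolve(pubHex(parent), records, name), bob: pubHex(bob) };
}
```

The parent's update after delegating and alice's update after handing off to bob are both skipped, because neither key is the current owner at that point in the chain.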