What can you do with Handshake and DNS now?
Using OpenSSH, it’s possible to store SSH fingerprints in DNS. This means that if you're using a Handshake Name System (HNS) resolver, you can already verify SSH fingerprints in a decentralized way, without installing any additional, special SSH software.
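What that DNS lookup checks, as an added example that is not from the original page or from the OpenSSH or Handshake projects: it derives the SSHFP record data for a host key (the value `ssh-keygen -r` prints) and accepts a presented key only when the DNS answer was DNSSEC-validated. The key bytes are constructed sample data, and `constructed_key`, `sshfp_rdata` and `host_key_matches` are names chosen for this illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm and fingerprint-type numbers (RFC 4255, 6594, 7479).
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
              "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
SSHFP_HASH = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_pubkey_line(line):
    """Return (key_type, raw_blob) from an OpenSSH 'type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; it must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode("ascii"):
        raise ValueError("key type does not match key blob")
    return fields[0], blob


def sshfp_rdata(pubkey_line, fp_type=2):
    """SSHFP RDATA 'algorithm fp-type hex'; the digest covers the raw key blob."""
    key_type, blob = parse_pubkey_line(pubkey_line)
    if key_type not in SSHFP_ALGO or fp_type not in SSHFP_HASH:
        raise ValueError("unsupported key or fingerprint type")
    return f"{SSHFP_ALGO[key_type]} {fp_type} {SSHFP_HASH[fp_type](blob).hexdigest()}"


def host_key_matches(pubkey_line, rrset, dnssec_validated):
    """Accept only a DNSSEC-validated answer containing a matching SHA-256 record."""
    if not dnssec_validated:  # an unvalidated answer proves nothing about the host
        return False
    wanted = sshfp_rdata(pubkey_line, 2).split()
    return any(rr.lower().split() == wanted for rr in rrset)


def constructed_key(seed):
    """Build a constructed (not real) ssh-ed25519 public key line for the demo."""
    name, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    key = constructed_key(b"host-a")
    print("example.hns. IN SSHFP", sshfp_rdata(key))  # example.hns. is a placeholder
    print("accepted:", host_key_matches(key, [sshfp_rdata(key)], True))
```

OpenSSH performs this comparison itself when `VerifyHostKeyDNS` is enabled; the `dnssec_validated` flag stands in for the validation result reported by the resolver.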
DNS has an additional feature that allows you to verify TLS certificates by storing a hash of your ‘SubjectPublicKeyInfo’. This means that there is now a P2P way to trust self-signed certificates, as long as they have a valid DNSSEC trust chain set up. Anyone can set up a valid trust chain without having to ask anyone's permission to do so.