Board: Altcoin Discussion
Topic: Re: [XMR] vs [BBR] - Fight!! - CryptoNote War
Post by fluffypony on 27/09/2014, 22:28:53 UTC
Didn't completely gloss over it :) It was the good samaritan who wrote this:

Like I stated in IRC, I am not part of the "dev team", I never was.

IIRC, it was only later he was employed/affiliated with the core team

Ah but May 7th there *was* no core team. In fact, just a few posts up from that -

There is no "dev team".  There is a community of people working on various aspects of the coin.

Things have progressed, and a core team formed thereafter. NoodleDoodle was and has always been part of the core team *from its inception*. Clearly one of the reasons for this is the work he did on the PoW implementation, as well as his many (invisible to the outside world) contributions thereafter.

If you lose your private key (seed) to your Monero wallet how are you supposed to spend your funds? Or are you expected to tell everyone not to send you more money to that address? - exactly the same argument, so losing your keys seems a little straw grabby. The nature of a decentralized protocol like this is there is no customer services to call up to issue a password reset. A simple backup will take care of that.

You're conflating - if you lose your private key to your Monero wallet, you can still change the address if you use OpenAlias. So you'd tell people to send funds to donate.monero.cc or whatever, and if you lost control of your wallet you'd merely update your address on that domain.

There may be some variations of bob, bob-the-builder and bob21912. It's exactly the same on Twitter - in fact any other service which allows users to choose their own names. The same 'problem' with your DNS aliases. If you propose users will be so confused between @bob-the-builder and @bob1982_waffle why wouldn't they be confused between bob-the-builder.com and bob1982_waffle.com? Caveat utilitor as always.

Congratulations for re-discovering Zooko's Triangle :)

OpenAlias is pretty much 1:1 email addresses, but with a layer that makes it secure. Users may not be required to memorise my email address, but I can definitely have a memorable email address if I choose to. The infrastructure for that is ancient and mature. With a new, closed aliasing system you will have a scenario where memorising it becomes impossible because the bulk of the easy combinations are taken.

Additionally BBR sensibly limits allowable characters in their aliases. See if you can spot the difference between these two:

I don't know why you'd suddenly decide to show some obviously faked output, but that's not what happens at all. If you use unprintable characters in your browser what happens? Same thing happens in Monero. Here, I cut-and-paste your two "examples" -


[wallet 49VNLa]: transfer 0 donate.monero.cc 10
For URL: donate.monero.cc,DNSSEC validation FAILED!
 Monero Address = 46BeWrHpwXmHDpDEUmZBWZfoQpdc6HaERCNmx1pEYL2rAcuwufPN9rXHHtyUA4QVy66qeFQkn6sfK8aHYjA3jk3o1Bv16em
Is this OK? (Y/n) n
Error: User terminated transfer request, disagreed with dns result from url: donate.monero.cc
[wallet 49VNLa]: transfer 0 donate.monero.cc 10
Error: wrong address: donate.monero.cc


If you can create a fake FQDN with unprintable characters you can do more harm to actual institutions than Monero.

I followed your hangout where you discussed that. It's pretty neat but comes with its own set of concerns, e.g. malicious resolvers, spoofing/poisoning attacks - most resolvers aren't using DNSCrypt, setting up alias requires registering/managing a domain and keeping it renewed so it's not decentralised or optimal from a privacy standpoint arguably, although it's at least cool if you imagine it will take off and you escape worrying about name disputes.

You may have watched the hangout, but I don't think you actually took the 7 minutes required to read and understand the information on the website. Here are some salient points:

"With Namecoin, DIANNA, P2P-DNS, and other systems bringing decentralised DNS to the fore, the OpenAlias standard has been designed to be simple enough to drop in and work."

"In order to ensure that lookups do not betray the user's privacy it is best to implement DNSCrypt from OpenDNS, and force resolution via a DNSCrypt-compatible resolver. Dependent on your use-case, you may choose to bake DNSCrypt into your software, or bundle dnscrypt-proxy along with your application."

"There are only a handful of DNSCrypt compatible resolvers worldwide, and fewer still that additionally support DNSSEC validation, support Namecoin resolution, and don't log DNS requests. Additional DNS resolvers that meet these criteria will be launched and operated by OpenAlias and by contributors in the coming months. In order to make your life easier, you can get a list of available resolvers that have DNSCrypt operational on port 443 by fetching the A records from any of the following domains:

resolvers.openalias.org
resolvers.openalias.ch
resolvers.openalias.se
resolvers.openalias.li
"

So to speak to your specific points, OpenAlias solves them all:

Malicious resolvers - the standard recommends using resolvers linked by the resolvers.openalias seeds, or hey, run your own resolver.

spoofing/poisoning attacks - not possible with DNSSEC, I challenge you to prove otherwise

Most resolvers aren't using DNSCrypt - well isn't it great that there are tons of volunteers that run DNS resolvers that already do, and we'll be throwing down some m

setting up alias requires registering/managing a domain and keeping it renewed - I think GoDaddy has demonstrated that this is a consumer-grade service in 2014. In fact, for $36/year you can get GoDaddy's Premium DNS, and they provide managed DNSSEC on up to 5 domains! Additionally, the nature of the standard means that anyone can drop a domain down and provide alias services (for free or pay). The only real challenge in this space is preventing such a service provider from accumulating thousands of addresses on their service and then overnight changing all the addresses to ones that they control. This is trivially solved by having multiple signers on the records, thus invalidating it if it is changed and signed with only one of the two signatories.

so it's not decentralised or optimal from a privacy standpoint arguably - which is why we only link resolvers (and will only provide resolvers) that also have Namecoin support. There's no reason for your OpenAlias alias to live centralised, when it can happily exist on Namecoin's decentralised network (AND your query can use DNSCrypt and Namecoin records can be secured by DNSSEC, see NamecoinToBind for backhaul implementation details).

In other words, OpenAlias covers multiple use-cases, from the most entry level of user that just wants an X.paymemoneyz.com alias, to the more technical user happy to pay GoDaddy $36/year and have vanity aliases all over the place, to the geek that runs his own DNSSEC-ready infrastructure, to the decentralisation-obsessed user who puts his alias on Namecoin. It disconnects the cryptocurrency from the aliasing system, and lets the existing, decades-old infrastructure handle all the nonsense around it.
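
An added example, not part of the original post and not the Monero wallet's own code: a sketch of the client-side checks this exchange turns on, namely rejecting alias names that contain unprintable or non-ASCII characters, parsing an OpenAlias `oa1:xmr` TXT record, and requiring manual confirmation when DNSSEC validation did not succeed. The function names, the exactly-one-record policy and the sample records are assumptions; the TXT answer and the validation result are passed in rather than looked up, so it runs offline.

```python
import re

# One hostname label: letters, digits, hyphen (LDH), no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_fqdn(name):
    """True only for a plain ASCII LDH domain name with at least two labels."""
    # Check ASCII before lower(): some look-alikes (e.g. U+212A KELVIN SIGN)
    # lowercase to an ordinary ASCII letter and would otherwise slip through.
    if not name.isascii():
        return False
    name = name.rstrip(".").lower()
    labels = name.split(".")
    return (0 < len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))

def parse_oa1(txt, coin="xmr"):
    """Parse one 'oa1:<coin> key=value; ...' TXT string; None if it is not one."""
    head, _, body = txt.partition(" ")
    if head.lower() != "oa1:" + coin:
        return None
    fields = {}
    for part in body.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields if "recipient_address" in fields else None

def resolve_alias(name, txt_records, dnssec_validated):
    """Return (address, needs_confirmation); raise ValueError on bad input."""
    if not valid_fqdn(name):
        raise ValueError("wrong address: %r" % name)
    matches = [rec for rec in map(parse_oa1, txt_records) if rec]
    if len(matches) != 1:  # assumed policy: ambiguous answers are refused
        raise ValueError("expected exactly one oa1 record, got %d" % len(matches))
    # Without DNSSEC validation the answer is unauthenticated: never
    # auto-accept it, make the user check the address by hand.
    return matches[0]["recipient_address"], not dnssec_validated

# Constructed sample answer; the address is a placeholder, not a real wallet.
SAMPLE_TXT = [
    "v=spf1 -all",
    "oa1:xmr recipient_address=4PLACEHOLDERADDRESS; recipient_name=Example Donations;",
]
```
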