I know Derrick implemented a firefox plugin to surf .bit domains registered thru the namecoin blockchain, but I don't think that's very convenient to most users either.
Interesting. Is there somewhere I could find out more about this? Does it modify the behavior of SSL certificate verification?
Even then, it's not the greatest solution. I would want to be able to use Chrome as well. Better yet, any browser should ideally work without any plugins.
On a Windows system, what about a new network protocol layer? If it were just another layer in the tcp/ip stack the name could be resolved by either DNS as it is now OR thru a btsDNS service.
The problem isn't resolving a domain name to an IP address. We can do that easily. The problem is protecting against man-in-the-middle attacks (which is
the biggest advantage of using blockchain technology for domain names). You have to assume that any connection to a server will be hijacked (even when you have the correct IP address). The way to protect against this is by the browser warning the user if there is an authentication problem with the server's certificate sent over the end-to-end encrypted connection. If there is an authentication problem, that means there could be an adversary positioned in between the connection between the browser and server trying to listen in on (and even modify) the data passing through the connection, or alternatively the entity on the other end is the adversary itself. Furthermore, you really want to rely on the browsers built in mechanism of SSL certificate validation to provide the protection against these attacks because they have nice user interfaces built to warn the user if this is happening and also the browser won't bother loading the page at all if this happens (this is especially important when you realize that the NSA has used this technique to deliver a malicious web page that
exploited a vulnerability in Firefox just by loading the page). This is why I think a local HTTP proxy is necessary that dynamically rewrites the SSL certificate to be signed by a local trusted root certificate (the only one installed on the computer).