Read CONIKS: Bringing Key Transparency to End Users, by Melara et al, 2014.

Some background material: here.

The paper has in mind naming for the purpose of secure communication. Would the paper's style of naming also be useful for decentralized applications? For example, would this kind of name work well for ACLs for stored data?

CONIKS involved centralized naming services, with decentralized checks. Does this combination seem good? Does it seem like a significant improvement over a purely centralized scheme?

What's the general landscape of naming schemes? What do people use today for name->publickey bindings? What other schemes have been proposed?

When Alice looks up e.g. bob@foo.com using CONIKS, it would be nice if she got the correct answer. What might "correct" mean in this context? Does CONIKS come reasonably close to guaranteeing to yield correct answers?

The paper is very concerned about the possibility of equivocation. Why is that so important? Does equivocation seem like the primary security problem for naming schemes?

Why is it critical that users monitor their own bindings? Is this a realistic requirement?

If a user didn't monitor his/her own bindings, what bad things could a provider get away with?

If a user detects that his/her own bindings are wrong, what should the user then do?

How does CONIKS relate to Blockstack, another naming system by a similar set of authors?

If Alice thinks that an attacker might have stolen one of her private keys (perhaps by stealing one of her devices), how does she go about changing her binding? Does this procedure seem reasonably secure? What if Alice loses all of her private keys -- is there some kind of key recovery scheme?

CONIKS hides lots of information about names (see Section 2.2). Why is that important?

How expensive would it be to perform monitoring and auditing in a CONIKS system with millions of users? Billions?