subdomain ownership will only be on the ENS clone. The name data on the ‘badass’ Handshake name will be set to, for example:
{
"records": [{
"type": "NS",
"ns": "0x36fc69f0983E536D1787cC83f481581f22CCA2A1._eth."
}]
}
This can then be resolveable with a plugin to hsd, which will query the data on the ENS subdomain and resolve the subdomain from this data.
Then we will lock the Handshake name forever with this script:
OPTYPE
0x08 // RENEW
OPEQUALVERIFY
this will make the Handshake name unchangeable by anyone, but renewable by anyone. So it will be completely trustless subdomains via the ENS clone, on a completely trustless root zone (Handshake).