Domains Should verify with DNS. #35
Labels
enhancement
New feature or request
Comments
|
Should I change the "Link to Domain (https)" option to "Link to Website (https)", and then add the DNS option: "Link to Domain (dns)"? I am sort of following what Keybase had as options for proofs. |
This sounds awesome! Maybe the tool should only accept DNSSEC domains? |
|
@prusnak IIRC only some TLDs -- beit gTLD or ccTLD -- support DNSSEC so enforcing DNSSEC only would render certain verifications impossible. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Unfortunately the only way to sign a key for a domain with keys.pub currently is via uploading a file to a server. This does not verify a domain, this simply verifies that a domain is linked to a server, in which case the server can be changed, swapped, etc. This is a security vulnerability, and ought to be corrected. Keys need to be signed in coordination with the DNS records themselves, so that servers are not involved.
The text was updated successfully, but these errors were encountered: