DNS proofs #367
Comments
How about just posting a TXT entry:
|
TXT entries are underrated little things. Could even be on a false hostname (perhaps optionally), e.g. |
DNS is insecure. This must rely on DNSSEC. (edit: or, well, it would be nice...) |
I think this user really hit the nail on the head in this post. However, to get the ball rolling, I'm more than okay with putting my vote towards TXT DNS verification, assuming it works correctly. For example, I, like many of my compatriots, host DNS with CloudFlare, and even sometimes HE.NET, because they are both very fast and very secure. So, just keep that in mind. |
DNSSEC would be sweet, but as it is currently impossible to get decent hosting with DNSSEC for many TLDs (I spent a few days searching for a hoster for .de with DNSSEC and came up blank), I think it would be a bad idea to REQUIRE it. Perhaps there could be an extra indicator on the website and in the client if DNSSEC is available, a bit like the "Verified Account" badge on Twitter, stating that this record is verified using DNSSEC for added certainty that it is correct. |
The backend of DNS (via TXT) is largely ready to go. Agreed @malexmave; DNSSEC is better but might not be supported enough yet. |
Also, it seems like we would have to implement DNSSEC ourselves in JS, since Node doesn't support it yet. |
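One way a client could drive the "verified using DNSSEC" indicator suggested in the comments above, as an added example that is not part of the thread or of the project's code: it parses a raw DNS response, collects the TXT strings, and reports the AD (Authenticated Data) header bit separately so an unsigned answer is still usable but unbadged. The function names and the sample packet are constructed for illustration, and the sketch assumes a validating resolver reached over a trusted path, since it reads that resolver's AD bit rather than validating signatures locally.

```javascript
// Added example. Read a possibly compressed DNS name at `off`; returns [name, nextOffset].
function readName(msg, off) {
  const labels = [];
  let next = -1, hops = 0;
  for (;;) {
    const len = msg[off];
    if (len === undefined) throw new Error('truncated name');
    if (len === 0) { off += 1; break; }
    if ((len & 0xc0) === 0xc0) { // compression pointer
      if (++hops > 16) throw new Error('pointer loop');
      if (next < 0) next = off + 2;
      off = ((len & 0x3f) << 8) | msg[off + 1];
      continue;
    }
    labels.push(msg.toString('ascii', off + 1, off + 1 + len));
    off += 1 + len;
  }
  return [labels.join('.'), next < 0 ? off : next];
}
// Parse a raw DNS response into { authenticated, txt }.
function parseTxtResponse(msg) {
  const flags = msg.readUInt16BE(2);
  if ((flags & 0x000f) !== 0) throw new Error('rcode ' + (flags & 0x000f));
  const authenticated = (flags & 0x0020) !== 0; // AD bit, RFC 4035
  let off = 12;
  for (let i = msg.readUInt16BE(4); i > 0; i--) off = readName(msg, off)[1] + 4;
  const txt = [];
  for (let i = msg.readUInt16BE(6); i > 0; i--) {
    off = readName(msg, off)[1];
    const type = msg.readUInt16BE(off);
    const end = off + 10 + msg.readUInt16BE(off + 8);
    if (end > msg.length) throw new Error('truncated record');
    let s = '';
    for (let p = off + 10; type === 16 && p < end; p += 1 + msg[p]) {
      s += msg.toString('utf8', p + 1, p + 1 + msg[p]); // length-prefixed string
    }
    if (type === 16) txt.push(s);
    off = end;
  }
  return { authenticated, txt };
}
// Constructed response: example.com TXT "proof=PLACEHOLDER", AD bit optional.
function sampleResponse(adBit) {
  const text = Buffer.from('proof=PLACEHOLDER');
  const head = Buffer.from([0x12, 0x34, 0x81, adBit ? 0xa0 : 0x80, 0, 1, 0, 1, 0, 0, 0, 0]);
  const question = Buffer.from('\x07example\x03com\x00\x00\x10\x00\x01', 'binary');
  const rr = Buffer.from([0xc0, 0x0c, 0, 16, 0, 1, 0, 0, 1, 0x2c, 0, text.length + 1, text.length]);
  return Buffer.concat([head, question, rr, text]);
}
```

Both sample packets yield the same TXT string; only the `authenticated` flag differs, which is the value the badge would be tied to.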
I'm not sure it's worth the effort to create a keybase-DNS TXT authentication loop specifically, when we already have PGP and DNSSEC. It seems like it would be much more worthwhile to standardize a way of publishing PGP keys in signed zones, so as to make keyservers entirely redundant. |
There are already some ways to do that. It's just not very widely used. |
Live! |
Suggestion:
Change |
Also, you did not add the new keyword "dns" to
|
Now that we have website proofs done (#28), we should talk about how we'll do DNS right.