-
-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Figure out how to use DNS to secure the security.txt signature #91
Comments
Another proposal I just posted here:
|
It would be good to consider the practical implications of the proposal here. In many organisations there are separate teams that run DNS, Web and Security. Publishing a security.txt would involve all three. Ideally, after that, you ideally have minimal interaction between those team to enable updates. If you go the route of publishing a hash of the signature file, you need the Web and DNS publication to be completely in sync. Which in itself is already hard, since Web and DNS have different caching models. So both from a technical as well as operational perspective there is a high chance of asynchrony. If you publish a public key in DNS that is related to the signature that is published through the website, you have some safeguards against tampering. It's not as big a guarantee as the signature itself, but at least it's some assurance. The big advantage of that approach is that you don't need changes in DNS to update the security.txt file, so less chance of the two not being in sync. For both options I'd recommend having DNSSEC, otherwise the value of having those records in DNS is next to nothing. DNSSEC would also handily solve problems of key rotation that is involved in the signature, since you can use the existing trust of DNSSEC to handle that. |
Deferring to future work, same as # 35 since it would be out of scope for this draft specifically. May want to consider making a new draft in the future just for DNS. |
Will add a DNS example to the Signature field since it is a URI |
Signature directive was removed in -05, deferred to future |
Related to #35 |
Another variant would be to put the fingerprint of the key that would be used to cleartext sign the security.txt file (either on domain apex or special subdomain, like in Random example that I just thought of:
This way one would have to do a little bit of work initially to involve DNS teams to put the record there but all updates to security.txt - as long as they would be signed with the same key - would still be easily possible thus solving @jeroenh problem. |
From an email to the IETF SAAG list:
(related to #28 and #35)
The text was updated successfully, but these errors were encountered: