item 38073086

c4mpute | 2 years ago
You could use your DNSSEC signing key to sign a validation message (offline, because that doesn't work over DNS).

agwa | 2 years ago
As discussed elsewhere in this thread, domain validation needs to be frequently rechecked. Therefore, it's far more convenient to publish a DNS record than to manually sign messages out-of-band.

remram | 2 years ago
DNSSEC already provides attestation, why add another layer within the same system?

c4mpute | 2 years ago
Because a DNSSEC attestation is usually public, except if you maybe use NSEC3 and hide the RR behind some random name.