Hacker News
by elliottinvent 1133 days ago
> Hostile service provider A could request ownership of domain X with some other service B. When you, the owner of domain X, go to register ownership of domain X with A, A can show you the information provided by service provider B and end up stealing your domain with B.

This is an interesting attack vector for the current state-of-the-art.

However, you could argue that someone could do the same with the Domain Verification protocol by providing a seemingly useful tool to create a Domain Verification record but secretly hashing the email of the attacker rather than the domain registrant. Since it's hashed (for privacy reasons) there's no way for a normal end-user to realise that.