by
c4mpute
968 days ago
You could use your DNSSEC signing key to sign a validation message (offline, because that doesn't work over DNS).
2 comments
agwa
968 days ago
As discussed elsewhere in this thread, domain validation needs to be frequently rechecked. Therefore, it's far more convenient to publish a DNS record than to manually sign messages out-of-band.
remram
968 days ago
DNSSEC already provides attestation, why add another layer within the same system?
c4mpute
967 days ago
Because a DNSSEC attestation is usually public, except if you maybe use NSEC3 and hide the RR behind some random name.
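The NSEC3 point in the last comment, as an added example that is not part of the thread: NSEC3 publishes an iterated, salted SHA-1 of each owner name (RFC 5155), so a record only stays private if its label is unguessable. The function names, the wordlist and the `_validation` label are assumptions made for this sketch; the zone, salt and iteration count are the ones used by the example zone in RFC 5155 Appendix A.

```python
import base64
import hashlib
import secrets

# NSEC3 owner names use base32hex (RFC 4648) without padding, in lowercase.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789abcdefghijklmnopqrstuv")

def wire_name(name: str) -> bytes:
    """Canonical (lowercased) DNS wire format of a fully qualified name."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 hash: SHA-1(name || salt), then re-hashed `iterations` times."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode("ascii")

def label_is_predictable(owner_hash, zone, salt_hex, iterations, wordlist):
    """Audit helper (hypothetical): does a published hash match a common label?"""
    return any(nsec3_hash(f"{w}.{zone}", salt_hex, iterations) == owner_hash.lower()
               for w in wordlist)

def random_label(nbytes: int = 16) -> str:
    """Unguessable label for a validation record (128 bits by default)."""
    return "_" + secrets.token_hex(nbytes)

# Constructed sample data: zone, salt and iteration count follow the example
# zone in RFC 5155 Appendix A; the wordlist is made up for this demo.
ZONE, SALT, ITERATIONS = "example", "aabbccdd", 12
COMMON_LABELS = ["www", "mail", "_acme-challenge", "_validation"]

if __name__ == "__main__":
    for label in ("_validation", random_label()):
        owner = nsec3_hash(f"{label}.{ZONE}", SALT, ITERATIONS)
        hit = label_is_predictable(owner, ZONE, SALT, ITERATIONS, COMMON_LABELS)
        print(f"{label:>34} -> {owner}  predictable={hit}")
```

Run before publishing a record, the audit helper tells you whether the label you chose is recoverable from the zone's NSEC3 chain by anyone holding the same wordlist.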