provoost on Nostr: Indeed, your domain registrar can always rug you by pointing a record to their own ...
Indeed, your domain registrar can always rug you by pointing a record to their own server and issuing a fresh https certificate.
Meanwhile DNSSEC is easier to verify,
matt (npub185h…wrdp) wrote some Rust code for it, unlike https which only browsers can.
Privacy downside in is having to fetch the TXT record with the proof somehow, e.g. with DNS-over-HTTP. But you could have relays share the records.
Published at
2024-07-15 18:20:22Event JSON
{
"id": "c184c1165245e5ccd9ccacf6379647573c289761d92a8bccf66b5b7b0c3ff27c",
"pubkey": "8685ebef665338dd6931e2ccdf3c19d9f0e5a1067c918f22e7081c2558f8faf8",
"created_at": 1721067622,
"kind": 1,
"tags": [
[
"e",
"28afdfde1f4fa17506f17fb65ee0e8691d1fc5b96e95864bd63a4ac81d8de1f3",
"",
"root"
],
[
"e",
"1804a7fc127c474ad8e77ad155ba974443920cee26beef0b74325c1d288299a8",
"",
"reply"
],
[
"p",
"b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc"
],
[
"p",
"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
],
[
"p",
"15af9e028db92e50d5462ff5837ed952d41a9bc52149fbdea45bfc0dccd7c6d9"
],
[
"p",
"3d2e51508699f98f0f2bdbe7a45b673c687fe6420f466dc296d90b908d51d594"
]
],
"content": "Indeed, your domain registrar can always rug you by pointing a record to their own server and issuing a fresh https certificate.\n\nMeanwhile DNSSEC is easier to verify, nostr:npub185h9z5yxn8uc7retm0n6gkm88358lejzparxms5kmy9epr236k2qcswrdp wrote some Rust code for it, unlike https which only browsers can.\n\nPrivacy downside in is having to fetch the TXT record with the proof somehow, e.g. with DNS-over-HTTP. But you could have relays share the records.",
"sig": "c0d4607c6a53db150d4f0eea897ae361a06891a256470dfcac57c908b6abcae4ade0bc17e2d54ce5bf3498d9ea6601fea05979481a1a01ddb5086fbe0b87622d"
}