Hi,
based on feedback I got about
https://github.com/nusenu/ContactInfo-Information-Sharing-Specification
I want to add an additional verification option based on DNS records to allow for the same verification as the verifyurl field provides but without the need to have a webserver and a proper TLS certificate.
Explained by example:
Let's say the operator has the domain example.com and runs a relay with fingerprint ABCF46A63F9C21FD315CD061B3EAA3EB05283ABC on IP address: 192.0.2.235
The operator would simply create the following DNS record for verification/linking:
DNS A record: ABCF46A63F9C21FD315CD061B3EAA3EB05283ABC.example.com pointing to 192.0.2.235
If the relay has an IPv6 address as well, an AAAA record is created for the same name pointing to the IPv6 address.
Since we require a TLS certificate for verifyurl this will require DNSSEC to be enabled on the domain to be validated.
Let me know if you have any feedback on this additional option.
thanks! nusenu
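
The check described in the message above, sketched from the verifier's side as an added example (not part of the original post or of the specification). The `lookup` callable, the stub zone, the IPv6 address and the rule that every relay address must be covered by a DNSSEC-authenticated record are assumptions made for illustration.

```python
import ipaddress
import re

FINGERPRINT_RE = re.compile(r"^[0-9A-F]{40}$")

def verification_name(fingerprint, domain):
    """Build <fingerprint>.<domain>, rejecting anything that is not a 40-hex fingerprint."""
    fp = fingerprint.strip().upper()
    if not FINGERPRINT_RE.match(fp):
        raise ValueError("relay fingerprint must be 40 hex characters")
    return f"{fp}.{domain.strip('.').lower()}"

def verify_relay(fingerprint, domain, relay_addrs, lookup):
    """Return True only if every relay address appears in an authenticated A/AAAA answer.

    lookup(name, rrtype) -> (address_strings, dnssec_validated) is a hypothetical
    interface; in practice it would wrap a validating resolver and report whether
    the answer was DNSSEC-authenticated.
    """
    name = verification_name(fingerprint, domain)
    for addr in relay_addrs:
        ip = ipaddress.ip_address(addr)
        rrtype = "A" if ip.version == 4 else "AAAA"
        answers, authenticated = lookup(name, rrtype)
        if not authenticated:
            return False  # unsigned answer: anyone on the path could have forged it
        # Compare parsed addresses so different IPv6 spellings still match.
        if ip not in {ipaddress.ip_address(a) for a in answers}:
            return False
    return bool(relay_addrs)  # an empty address list proves nothing

# Constructed sample data: fingerprint and IPv4 address from the message,
# IPv6 address and the unsigned example.net zone invented for the demo.
FP = "ABCF46A63F9C21FD315CD061B3EAA3EB05283ABC"
ZONE = {
    (f"{FP}.example.com", "A"): (["192.0.2.235"], True),
    (f"{FP}.example.com", "AAAA"): (["2001:db8::235"], True),
    (f"{FP}.example.net", "A"): (["192.0.2.235"], False),  # no DNSSEC
}

def stub_lookup(name, rrtype):
    """Offline stand-in for a validating resolver."""
    return ZONE.get((name, rrtype), ([], False))

if __name__ == "__main__":
    print(verify_relay(FP, "example.com", ["192.0.2.235"], stub_lookup))
    print(verify_relay(FP, "example.net", ["192.0.2.235"], stub_lookup))
```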