[tor-relays] an alternative to verifyurl
nusenu
nusenu-lists at riseup.net
Fri Jul 24 09:38:16 UTC 2020
Hi,
based on feedback I got about
https://github.com/nusenu/ContactInfo-Information-Sharing-Specification
I want to add an additional verification option based on DNS records
to allow for the same verification as the verifyurl field provides
but without the need to have a webserver and a proper TLS certificate.
Explained by example:
Lets say the operator has the domain
example.com
and runs a relay with fingerprint
ABCF46A63F9C21FD315CD061B3EAA3EB05283ABC
on IP addresses:
192.0.2.235
The operator would simply create the following DNS record
for verification/linking:
DNS A record:
ABCF46A63F9C21FD315CD061B3EAA3EB05283ABC.example.com
pointing to
192.0.2.235
If the relay has an IPv6 address as well an AAAA record
is created for the same name pointing to the IPv6 address.
Since we require a TLS certificate for verifyurl
this will require DNSSEC to be enabled on the domain
to be validated.
Let me know if you have any feedback on this additional option.
thanks!
nusenu
--
https://mastodon.social/@nusenu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20200724/11f522dc/attachment.sig>
More information about the tor-relays
mailing list