Previously on this list Jiri B contributed:

> What about as a TXT record for DNS (in combination with DNSSEC) as an alternative
> for getting the key? :)

The architecture for the root key handling (offline keys, multiple people etc.) is obviously good, with Bob's concerns noted though. I don't know much about signify yet, except that it looks nicer than the old system and has been a nice surprise, and I certainly know nothing of the plans for it. However, you have to verify the first root anchor anyway for DNSSEC, which can be done by anyone that builds, and the anchor is signed but again requires a web of trust, so there's really no difference. Except that DNSSEC's anchor is bundled with unbound already and then updates itself if you don't miss the window etc.

DNSSEC does offer some convenience for some things, but not here I would suggest, and unless it has moved to ECDSA already (has it?), it isn't secure anyway with the 768-bit RSA limit on TXT record size, and it also offers DoS and a potential of 100x amplification for DDoS.

I certainly have hopes for ECDSA DNSSEC, coupled with other things (DNSCurve, browser domain control validation), being used to sort out HTTPS with the only thing that counts (simple domain-level trust), but I'm not full of confidence that it will when there is so much money to be made with the pointless (except for PR) EV etc.

--
_______________________________________________________________________
'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy)
In Other Words - Don't design like polkit or systemd
_______________________________________________________________________
