Using DNS as handle is nice. Do people know if (and how) it interacts with DNSSEC? - ThreadSky

About ThreadSky

thibmeu.com • 693 days ago

Using DNS as handle is nice. Do people know if (and how) it interacts with DNSSEC?

Comments

When checking on a few domains, DNSSEC is not mandatory. I wonder is there is plan to introduce it, use multivantage, or how it would work with a broken chain.

wills.co.tt•693 days ago

My mental model is that the registry mapping from did to domain handles is maintained by bluesky right now - so it’s whether their server does validation

bmann.ca•693 days ago

Yeah you’re putting a DID in at a well known subdomain and then signing with your DID on the bsky side saying “that’s me”.

Not clear what DNSSEC would add other than guarantee that 90% of users would have trouble with it!

thibmeu.com•693 days ago

DNSSEC would prevent tampering on the DNS answer, and some account impersonation.
With the key stored in bluesky db at the moment, that's fine as long as their resolver is trusted, which we don't have a view into. DNSSEC would allow more transparency.

wills.co.tt•693 days ago

Part of federation will also be a decentralization of this - presumably allowing for other types of DID issuers

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply