Proposed standardized way to add public key information in a DNS TXT record
Use URI syntax, so the record can be parsed with a standard URL library.
TXT record in the format "cert:secp256k1/ecdsa?kid=02300d753f822691b63c0c79134aa2069c946768600a3fb32b6078b8209e75d203"
scheme is "cert"
path is curve/algorithm, e.g. "secp256k1/ecdsa", "secp256k1/ecdsarecovery", "secp256k1/schnorr", etc.
query contains parameters, e.g. "kid" is the public key as a hex-encoded string (the sample above is a 33-byte compressed secp256k1 point, 0x02 prefix).
This allows any curve/algorithm to be specified in one place, and Python's urllib.parse makes it easy to pull out any additional parameters, if required.
Also use _cert as the standardized label prefix, e.g. _cert.example.com.
Note that a TXT record by itself is not authenticated: a consumer that will trust the published key should validate the record's DNSSEC chain (or obtain the record over another authenticated channel) before using it.
Code snippet showing how to parse:
# Example of how to parse a TXT record
from urllib.parse import parse_qs, urlparse

# In practice this string is the TXT record fetched from e.g. _cert.example.com;
# here it is a literal so the snippet runs offline.
certificate_record = "cert:secp256k1/ecdsa?kid=02300d753f822691b63c0c79134aa2069c946768600a3fb32b6078b8209e75d203"

parsed_record = urlparse(certificate_record)   # scheme="cert", path="secp256k1/ecdsa", query="kid=..."
curve, algorithm = parsed_record.path.split("/")
parsed_dict = parse_qs(parsed_record.query)

# Note that parse_qs returns each parameter as a list, so take element [0]
print(parsed_record.scheme, curve, algorithm)
print(parsed_dict)
pubkey_hex = parsed_dict["kid"][0]
pubkey = bytes.fromhex(pubkey_hex)   # 33 raw bytes: compressed secp256k1 point
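A fuller parser for this format, added here as an example and not part of the proposal itself: it validates a record before the key is used (scheme, curve/algorithm path, single kid parameter, hex decoding, key length and prefix) and builds records in the same format so the two round-trip. The KNOWN_CURVES table, the CertRecordError class and the length/prefix rule are assumptions about what a consumer should check, not part of the proposed record format; the sample record is the one from the proposal above.

```python
# Added example, not the original proposal's code: a validating parser and a
# builder for the proposed "cert:" TXT record format. The format itself
# (scheme "cert", path "<curve>/<algorithm>", query parameter "kid" carrying
# the hex-encoded public key) comes from the proposal; the checks below are
# assumptions about what a consumer should verify before using the key.
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed consumer policy: curves the consumer implements, with the expected
# compressed-point length in bytes and the allowed leading byte (SEC1 encoding).
# Only secp256k1 is listed because it is the only curve the proposal names.
KNOWN_CURVES = {
    "secp256k1": {"length": 33, "prefixes": (0x02, 0x03)},
}


class CertRecordError(ValueError):
    """Raised when a TXT record does not match the proposed format."""


def parse_cert_record(record: str) -> dict:
    """Parse and validate one TXT record of the form
    cert:<curve>/<algorithm>?kid=<hex pubkey>[&<extra>=<value>...]

    Returns {"curve", "algorithm", "pubkey" (bytes), "params" (extra query
    parameters, each a single string)}; raises CertRecordError otherwise.
    """
    parsed = urlparse(record.strip())
    if parsed.scheme != "cert":
        raise CertRecordError(f"unexpected scheme {parsed.scheme!r}")
    if parsed.netloc or parsed.fragment:
        raise CertRecordError("record must not carry an authority or fragment")

    # The path must be exactly "<curve>/<algorithm>", both parts non-empty.
    parts = parsed.path.split("/")
    if len(parts) != 2 or not all(parts):
        raise CertRecordError(f"path must be <curve>/<algorithm>, got {parsed.path!r}")
    curve, algorithm = parts
    if curve not in KNOWN_CURVES:
        # A consumer cannot verify signatures on a curve it does not implement,
        # so an unknown curve is an error rather than something to guess at.
        raise CertRecordError(f"unsupported curve {curve!r}")

    # strict_parsing rejects malformed pairs such as a bare "kid" with no "=".
    try:
        params = parse_qs(parsed.query, strict_parsing=True)
    except ValueError as exc:
        raise CertRecordError(f"malformed query: {exc}") from exc
    # parse_qs returns a list per parameter; a repeated parameter is ambiguous.
    dupes = [k for k, v in params.items() if len(v) != 1]
    if dupes:
        raise CertRecordError(f"parameters given more than once: {dupes}")
    flat = {k: v[0] for k, v in params.items()}
    if "kid" not in flat:
        raise CertRecordError("missing kid parameter")

    try:
        pubkey = bytes.fromhex(flat.pop("kid"))
    except ValueError as exc:
        raise CertRecordError("kid is not valid hex") from exc
    rule = KNOWN_CURVES[curve]
    if len(pubkey) != rule["length"] or pubkey[0] not in rule["prefixes"]:
        raise CertRecordError(
            f"kid is not a {rule['length']}-byte compressed {curve} point")

    return {"curve": curve, "algorithm": algorithm, "pubkey": pubkey, "params": flat}


def build_cert_record(curve: str, algorithm: str, pubkey: bytes, **extra: str) -> str:
    """Produce the TXT record string for a key. urlencode escapes any extra
    parameter values, so the result always parses back with parse_cert_record."""
    for name in (curve, algorithm):
        if "/" in name or "?" in name or "#" in name:
            raise CertRecordError("curve and algorithm must not contain '/', '?' or '#'")
    query = urlencode({"kid": pubkey.hex(), **extra})
    return f"cert:{curve}/{algorithm}?{query}"


if __name__ == "__main__":
    # The sample record from the proposal (in practice fetched from _cert.example.com).
    sample = "cert:secp256k1/ecdsa?kid=02300d753f822691b63c0c79134aa2069c946768600a3fb32b6078b8209e75d203"
    info = parse_cert_record(sample)
    print(info["curve"], info["algorithm"], info["pubkey"].hex())
```

Unknown curves are rejected on purpose: if the consumer does not implement the curve it cannot verify anything signed under that key, so accepting the record would only defer the failure to a less obvious place.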