w3c-ccg / did-method-web

DRAFT: did:web Decentralized Identifier Method Specification
https://w3c-ccg.github.io/did-method-web/
Other
32 stars 17 forks source link

Spoofed DNS records aren't an issue #46

Open ekr opened 3 years ago

ekr commented 3 years ago

Additionally, implementors should be aware of issues presented by a Spoofed DNS records where the record returned by a malicious DNS Server is inauthentic and allows the record to be pointed at a malicious server which contains a different DID Document. To prevent this type of issue, usage of DNSSEC which is defined in RFC4033, RFC4034, and RFC4035.

The point of having the server authenticate via HTTPS is to not have to rely on DNSSEC here.