Opened 5 years ago
Closed 3 years ago
#1327 closed enhancement (wontfix)
i2p domain registration gpg as root trust
| Reported by: | rfree | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | www/i2p | Version: | 0.9.13 |
| Keywords: | dns, domain, pgp, gpg | Cc: | |
| Parent Tickets: |
Description
Problem: when registering a domain, the main authority to prove ownership of i2p domain is the key that must be known to some online computer that will be serving the .i2p site. Online computers can be compromised usually given enough effort.
In such a case there is no higher authority to prove ownership of compromised domain.
Solution: on registration of domain add text field for PGP key.
Add option to load such key from thesite.i2p/domainkey.asc in same manner as a key is checked when creating sub-domains (but fixed name and download it and add to history).
In worst case if domain is compromised, when someone manages to contact zzz or other DNS owners, if he still has sole ownership of the pgp key (e.g. generated on offline computer) he can prove it is him and provide new i2p destination for the domain.
I consider this a major priority for the reason that this is needed for serious security applications where basically every online system is not 100% secure.
Subtickets
Change History (3)
comment:1 Changed 5 years ago by rfree
- Component changed from unspecified to www/i2p
- Keywords zzz dns domain pgp gpg added
comment:2 Changed 5 years ago by zzz
- Cc zzz removed
- Keywords zzz removed
- Milestone 0.9.14 deleted
comment:3 Changed 3 years ago by zzz
- Resolution set to wontfix
- Status changed from new to closed
I don't own the domains. Welterde does.
You didn't reference any standard for adding GPG keys to the text record. If there is such a standard, perhaps we could ask Welterde to look into it, although he doesn't have a lot of time for I2P these days. If this is some one-off add-hoc proposal for sticking a key in there, I don't see the point.
This is unlikely to happen.