Opened 5 years ago

Closed 4 years ago

#1327 closed enhancement (wontfix)

i2p domain registration gpg as root trust

Reported by: rfree
Owned by:
Priority: major
Milestone:
Component: www/i2p
Version: 0.9.13
Keywords: dns, domain, pgp, gpg
Cc:
Parent Tickets:
Sensitive: no

Description

Problem: when registering a domain, the main authority to prove ownership of an i2p domain is the key that must be known to some online computer that will be serving the .i2p site. Online computers can usually be compromised given enough effort.

In such a case there is no higher authority to prove ownership of the compromised domain.

Solution: on registration of a domain, add a text field for a PGP key.
Add an option to load such a key from thesite.i2p/domainkey.asc in the same manner as a key is checked when creating sub-domains (but with a fixed name, and download it and add it to history).

In the worst case, if the domain is compromised, when someone manages to contact zzz or other DNS owners, if he still has sole ownership of the PGP key (e.g. generated on an offline computer), he can prove it is him and provide a new i2p destination for the domain.

I consider this a major priority for the reason that this is needed for serious security applications where basically every online system is not 100% secure.

Change History (3)

comment:1 Changed 5 years ago by rfree

Component: unspecified → www/i2p
Keywords: zzz dns domain pgp gpg added

comment:2 Changed 5 years ago by zzz

Cc: zzz removed
Keywords: zzz removed
Milestone: 0.9.14

comment:3 Changed 4 years ago by zzz

Resolution: wontfix
Status: new → closed

I don't own the domains. Welterde does.

You didn't reference any standard for adding GPG keys to the text record. If there is such a standard, perhaps we could ask Welterde to look into it, although he doesn't have a lot of time for I2P these days. If this is some one-off ad hoc proposal for sticking a key in there, I don't see the point.

This is unlikely to happen.