crypto signing and verification is very fragile, docs around this should be very precise
pawel-kow
left a comment
Sorry, I've added comments here but never published the review.
| query for a TXT record called _dcpubkeyv1 in the domain specified in the | ||
| syncPubKeyDomain from the template. | ||
| syncPubKeyDomain from the template. | ||
| After generating and adding your key can test if its available from DNS TXT records https://exampleservice.domainconnect.org/sig[here] |
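Review bot: the added sentence "After generating and adding your key can test if its available from DNS TXT records" is missing its subject and uses "its" for "it is"; suggest "After generating and publishing your key, you can test whether it is available from DNS TXT records". If the link stays, replace the "[here]" label with text that names the target, and state the check in the spec itself: a TXT query for the record described in the context lines above (_dcpubkeyv1 in the syncPubKeyDomain) returns the published key.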
I would rather avoid such references. If necessary, we may need an implementation guide; however, Getting Started on domainconnect.org worked pretty well so far.
| Jy/EM124hpT9lMgpHKBUvdeurJYweC6oP41gsTf5LrpjnyIy9j5FHPCQIDAQAB | ||
|
|
||
| ---- | ||
| A service for generating the DNS records from your public key can be found https://exampleservice.domainconnect.org/sig[here] |
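Review bot: the line added after the "----" delimiter sends implementers to a hosted service to produce the DNS records, while the visible text does not say how those records are derived from the public key. Verifiers depend on the exact record content, so describe the derivation in the spec next to the key example, so that an implementer can produce and check the records without the external tool. The "[here]" label should also name its target.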
Same here. I would rather avoid such references. If necessary, we may need an implementation guide; however, Getting Started on domainconnect.org worked pretty well so far.
|
|
||
| The Service Provider must generate the signature with RSA256 hash, | ||
| PKCS1v15 padding and Base64 encode it before adding it to query parameters. | ||
| Example service in python can be found https://github.com/Domain-Connect/exampleservice/blob/master/sigutil.py[here] |
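Review bot: the sentence just above the added link says "RSA256 hash", which names no hash function, and the added line then defers to sigutil.py instead of closing that gap. Spell out the signature algorithm in the text (for example RSA with SHA-256, if that is what is intended), together with the Base64 variant and whether the value is URL-encoded when it is added to the query parameters. If the link stays, note that it points at blob/master, which can change under the spec; pin it to a commit and capitalize "Python".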
In the formal specification I would rather not refer to any example implementation or source code other than an example code snippet.
Side comment -> more remark to the signing part not being described that well: #93 (comment)