Makoto and I spent most of this week working on DNS integration. I thought I’d give a brief progress update here:
- We’ve implemented support for the SHA1 digest and RSASHA1 algorithm, so domains signed with older algorithms can be verified. I haven’t yet deployed these new algorithms on Ropsten.
- We’ve made some minor changes to how TTLs and signature fields are handled, in response to feedback received at IETF 101.
- We’ve started working on support for the NSEC record (which lets you delete a domain if you can prove it doesn’t exist). Once that’s done we’ll work on NSEC3 (the hashed version of same).
dnsproveutility, to make proving ownership of a DNS domain far simpler than it is at present. It will need some updates, but is actively maintained, so it should not be an issue, hopefully.