Skip to content

digital signing extending #68

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
asafdl wants to merge 1 commit into
base: master
Choose a base branch
from
Open

digital signing extending #68

asafdl wants to merge 1 commit into from

Conversation

@asafdl
Copy link

@asafdl asafdl commented Jul 27, 2022

crypto signing and verification is very fragile, docs around this should be very precise

@asafdl
digital signing extending
43a713d 
crypto signing and verification is very fragile, docs around this should be very precise
pawel-kow
pawel-kow requested changes Apr 5, 2024
View reviewed changes
Copy link
Member

@pawel-kow pawel-kow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry, I've added comments here but never published the review

Domain Connect Spec Draft.adoc
query for a TXT record called _dcpubkeyv1 in the domain specified in the
syncPubKeyDomain from the template.
syncPubKeyDomain from the template.
After generating and adding your key can test if its available from DNS TXT records https://exampleservice.domainconnect.org/sig[here]
Copy link
Member

@pawel-kow pawel-kow Mar 30, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would rather avoid such references. If necessary we may need an implementation guide, however Getting Started on domainconnect.org worked pretty well so far.

Domain Connect Spec Draft.adoc
Jy/EM124hpT9lMgpHKBUvdeurJYweC6oP41gsTf5LrpjnyIy9j5FHPCQIDAQAB
----
A service for generating the DNS records from your public key can be found https://exampleservice.domainconnect.org/sig[here]
Copy link
Member

@pawel-kow pawel-kow Mar 30, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here. I would rather avoid such references. If necessary we may need an implementation guide, however Getting Started on domainconnect.org worked pretty well so far.

Domain Connect Spec Draft.adoc

The Service Provider must generate the signature with RSA256 hash,
PKCS1v15 padding and Base64 encode it before adding it to query parameters.
Example service in python can be found https://github.com/Domain-Connect/exampleservice/blob/master/sigutil.py[here]
Copy link
Member

@pawel-kow pawel-kow Apr 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the formal specification I would rather not refer to any example implementation or source code other than an example code snippet.

@pawel-kow
Copy link
Member

pawel-kow commented Jul 18, 2024

Side comment -> more remark to the signing part not being described that well: #93 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pawel-kow pawel-kow pawel-kow requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asafdl @pawel-kow