Nigeria No1. Music site And Complete Entertainment portal for Music Promotion WhatsApp:- +2349077287056
Friday, 5 May 2023
Show HN: Make domain verification as easy as verifying an email or phone number https://bit.ly/41nLwgh
Show HN: Make domain verification as easy as verifying an email or phone number Hi HN, This is a project [1] I've been working on for a little while and I'm interested in your feedback and point of view. Many of us would have verified a domain name by pasting a string into a DNS TXT record. Some providers ask us to store this DNS TXT record at a domain using a DNS label like "_provider" e.g. _provider.yourdomain.com, and some providers ask that you do it at the zone apex (God help us [2]). The Domain Verification protocol stores a DNS TXT record at a DNS name derived from a hashed "verifiable identifier" (think email, telephone, DID), enabling anyone that can prove control over the verifiable identifier to prove authority for the domain name. For example, the domain verification record giving the email address user@example.com authority over the domain dvexample.com can be seen with this terminal command: dig 4i7ozur385y5nsqoo0mg0mxv6t9333s2rarxrtvlpag1gsk8pg._dv.dvexample.com TXT The record can specify what type of services the authorised party is allowed to use (e.g. SEO, Storage, Advertising) or specify an exact provider (ads.google.com), you can also specify an expiry date. The benefits of this approach are: - Domain owners can grant time-limited, granular permissions for third parties to verify a domain - Every service provider could use the same verification record - Once a domain owner creates a verification record by following instructions from one service provider, that same record could be used by other service providers - Domain registrars could set these records up on behalf of users, perhaps even upon domain registration (with registrant opt-in). This would provide domain registrants with a fast lane for signing up to services like Google Ads, Facebook Ads, Dropbox, whatever I'm still working on licensing but creating these records will always be free. I hope to find service providers that see significant upside in reducing friction for user onboarding that are willing to pay to license it. Worked example: Let's say you want to authenticate the user with the email user@example.com with the domain dvexample.com, these are the steps: 1. HASH(user@example.com) -> 4i7ozur385y5nsqoo0mg0mxv6t9333s2rarxrtvlpag1gsk8pg 2. Store Domain Verification record at: 4i7ozur385y5nsqoo0mg0mxv6t9333s2rarxrtvlpag1gsk8pg._dv.dvexample.com 3. TXT record determines permissions and time limit: ``` @dv=1;d=Example user emali;e=2025-01-01;s=[seo;email];h=4i7ozur385y5nsqoo0mg0mxv6t9333s2rarxrtvlpag1gsk8pg ``` BTW, if you're interested the syntax of that DNS record is a compact data serialisation format I created especially for DNS [3]. Thanks for taking a look, Elliott 1. https://bit.ly/418UDRu 2. dig target.com TXT 3. https://bit.ly/3LARRPw https://bit.ly/418UDRu May 5, 2023 at 12:40PM
Labels:
Hacker News
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment