A QUIC look at HTTP/3
A QUIC look at HTTP/3
Posted Mar 19, 2020 19:11 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)In reply to: A QUIC look at HTTP/3 by flussence
Parent article: A QUIC look at HTTP/3
I would guess that you can set up a CT-like system for the DNSSEC public keys for domains. Something like: "*.somedomain.com -> pubkey".
This way if CIA comes a-knocking to the DNS registrar to impersonate "joe.somedomain.com", they would have to publish a new record with CIA's pubkey.
DNSSEC keys don't change very often, so the rate of change would be manageable.