thank you for linking this, i took a peek and i will look at the DNSSEC pieces in more detail. this is something i did not dare to touch when i saw the RFC jungle around DNS.
Why CT Certificate Transparency logs are not possible by logging DNS record types like CERT, OPENPGPKEY, SSHFP, CAA, RRSIG, NSEC3; ACMEv2 Proof of Domain Control; and why we need a different system for signing software package build artifacts built remotely (smart contracts, JWS, SLSA, TUF, W3C Verifiable Credentials, blockcerts and transaction fees,)
It looks like dnspython has DNSSEC, DoH, and DoQ support: test_dnssec.py: https://github.com/rthalley/dnspython/blob/main/tests/test_d... , dnssec.py: https://github.com/rthalley/dnspython/blob/main/dns/dnssec.p...
thank you for linking this, i took a peek and i will look at the DNSSEC pieces in more detail. this is something i did not dare to touch when i saw the RFC jungle around DNS.
Why CT Certificate Transparency logs are not possible by logging DNS record types like CERT, OPENPGPKEY, SSHFP, CAA, RRSIG, NSEC3; ACMEv2 Proof of Domain Control; and why we need a different system for signing software package build artifacts built remotely (smart contracts, JWS, SLSA, TUF, W3C Verifiable Credentials, blockcerts and transaction fees,)