Querying DNS in a fully self-validating manner is pretty trivial, so much so you can shove it in a small webpage :) Shove Bitcoin payment instructions in TXT records and now you can get easy internet-less self-validated proofs of payment instructions! A hardware wallet can even check it and display a nice human-readable name for payments, talk about awesome UX. https://http-dns-prover.as397444.net Test looking up matt.user._bitcoin-payment.mattcorallo.com. TXT :)
Are all these bytes a BOLT 12 then? https://image.nostr.build/d68c9420ddcb5138d0b3e503eb2723f5a7aa683b8cc1dbd1c8db97491bc99c3c.jpg
Uh, yea, old client version that didn’t parse the text, reload and try again :)
It stopped working now lol
Why offline? If you've never tried to visit this site, surely you wouldn't have the DNS cached so you need internet to get this message.
A hardware wallet or device wanting to query privately may want to get a proof that doesn’t require trusting a third party server or a long list of CAs.
I think what you're saying is that since DNS is distributed, you can get information without needing to make all the calls you'd typically need to: 1. DNS query to IP 2. Call to IP 3. Get certificate 4. Call to CA(s) 5. Etc. Now you just find the nearest DNS record, check it is signed correctly, and the data is there. If this isn't it, I will have to tip my hat and admit this went over my head. 🧢
TLS you cannot provide a proof for (it’s asymmetric in the cert but used to derive symmetric keys, so you can forge a transcript). DNS is not, so like you say you can avoid all the complexity, and a totally untrusted device can provide a proof to a totally offline device (e.g. a hardware wallet).
Just don't forget that states have control over DNS records. It's quite a centralized tool. Placing the same information in your Nostr profile is better :)