TXT registry encourages encrypting the metadata, which makes sense but brings the complexity of key management into scope.
I have not delved into the details of how external-dns works with TXT registry and decrypting secrets in particular, so please consider my ignorance as an excuse for bringing this up.
The question: why not hashing? i.e. SHA256 the desired TXT record?
In theory an operator could hash the metadata, store it, and later in the operation, instead of decrypting and deserializing, do the hash(serialize(metadata)) and compare hashes to identify/verify ownership.
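
The hash-and-compare idea from the post above, sketched in Go as an added example (not part of the original post and not external-dns code). The `Metadata` type, its keys and the `key=value` serialization are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Metadata is a hypothetical stand-in for the ownership labels that would
// otherwise be written (or encrypted) into the TXT record.
type Metadata map[string]string

// Serialize emits key=value pairs in sorted key order. Go randomizes map
// iteration, so without sorting the same metadata could hash differently.
func Serialize(m Metadata) string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		parts = append(parts, k+"="+m[k])
	}
	return strings.Join(parts, ",")
}

// Digest is the value that would be stored in TXT: hex(SHA-256(serialize(m))).
func Digest(m Metadata) string {
	sum := sha256.Sum256([]byte(Serialize(m)))
	return hex.EncodeToString(sum[:])
}

// Owns recomputes the digest from the metadata the operator expects and
// compares it with the stored TXT value; nothing is decrypted or parsed.
func Owns(storedTXT string, expected Metadata) bool {
	want := Digest(expected)
	return subtle.ConstantTimeCompare([]byte(storedTXT), []byte(want)) == 1
}

func main() {
	// Constructed sample values.
	mine := Metadata{"owner": "cluster-a", "resource": "ingress/default/web"}
	txt := Digest(mine)
	fmt.Println(txt, Owns(txt, mine))
	fmt.Println(Owns(txt, Metadata{"owner": "cluster-b", "resource": "ingress/default/web"}))
}
```

The digest is one-way, so the operator must already know every metadata field to verify a record, and an unkeyed hash conceals the metadata only as far as those fields are hard to guess.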