Twetch ·

Some more fleshing out of details of how Paymail will initially fit in ElectrumSV, and a potential picture of the longer term direction.
https://medium.com/@roger.taylor/notes-on-adapting-paymail-1977d450d938

Replies

Twetch ·

Re: DNSSEC. There is no issue so long as the host is the same as the domain or perhaps with www prepended. If the domain picks a different host, then you should require DNSSEC.

Twetch ·

Wouldn't we employ DNSSEC once or twice depending on that? Once for resolving the domain and looking up the SRV records and so forth, and potentially a second time when we look up the host if it differs? -- rt12

Twetch ·

Further, the reason not to always require it is that it can be a PITA to support. AWS does not support it, for instance. I think we should only require it if it actually makes a security difference, which it does in the case of third-party hosted paymails.

Twetch ·

You don't have to, because if the paymail is self-hosted, there is nothing a MITM attack could do. Only if they change it to a different domain do you need to know that a MITM is not possible, and that is why it makes sense to enforce DNSSEC in that case.
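
The rule discussed in this thread, as an added example (not code from ElectrumSV or from any participant): DNSSEC is demanded only when the SRV target differs from the paymail domain or its `www.` form. The function names, the `SrvAnswer` type and the `dnssec_validated` flag (assumed to be set by the caller from a validating resolver) are hypothetical, and the sample names are constructed.

```python
from dataclasses import dataclass


def _norm(host: str) -> str:
    """Lower-case and drop the trailing root dot so equal names compare equal."""
    return host.strip().rstrip(".").lower()


def dnssec_required(paymail_domain: str, srv_target: str) -> bool:
    """True when the SRV target is a different host than the paymail domain.

    The comparison is an exact match, not a suffix or prefix match, so a
    target such as 'example.com.evil.net' is treated as third-party hosted.
    """
    domain = _norm(paymail_domain)
    return _norm(srv_target) not in (domain, "www." + domain)


@dataclass
class SrvAnswer:
    target: str
    port: int
    dnssec_validated: bool  # assumption: reported by a validating resolver


def accept_host(paymail_address: str, answer: SrvAnswer) -> bool:
    """Decide whether to contact the host named in the SRV answer."""
    alias, sep, domain = paymail_address.rpartition("@")
    if not sep or not alias or not domain:
        raise ValueError("not a paymail address: %r" % paymail_address)
    if dnssec_required(domain, answer.target):
        # Delegated to another host: only trust the delegation if it was signed.
        return answer.dnssec_validated
    # Self-hosted (domain or www.domain): no DNSSEC requirement.
    return True


if __name__ == "__main__":
    # Constructed sample answers, not real lookups.
    for ans in (SrvAnswer("example.com.", 443, False),
                SrvAnswer("paymail.hosted.example.net", 443, False),
                SrvAnswer("paymail.hosted.example.net", 443, True)):
        print(ans.target, accept_host("alice@example.com", ans))
```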