sure, what about TXT records then? seems dangerous that anyone who can modify th... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		a-dub on March 14, 2021 \| parent \| context \| favorite \| on: Security.txt sure, what about TXT records then? seems dangerous that anyone who can modify the root of a webserver content can impersonate security contacts/pubkeys.

Anunayj on March 15, 2021 [–]

well .well-known should be well guarded anyway, since it is used for things like issuing SSL certs by Let's Encrypt (and possibly more CAs). Giving anyone access to your root of webserver is giving anyone access to your website.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact