block by andrewxhill 107e343e676351b39db65910aa3d78d7

Chain of Trust - but verify...

Provide a domain and a TXT content flag you want to discover and then verify all the way to ICANN.

On boom.fyi, we have a TXT record with data-cert=hello_world

domain = "boom.fyi"

Collect data for our target TXT record flag (including all sigs etc). Then collect data for the entire chain back to root.

chain_data = collect_record(domain, 'data-cert=')
chain_data = collect_chain_data(domain, chain_data)

This all is stored off in chain_data.json

Now, verify.

verify_chain(domain, data)

Finally, it makes sure the last step was signed by keys that came from the root we already know. Stored in root_rrset.json Since no exceptions were thrown, we’ll finally show what the value of our flag was set to:

show_verified_message(domain, data)

Chain Of Trust (but verify).ipynb

chain_data.json

root_anchors.json

root_rrset.json