
They'd need the private key to post as you. The DNS record just points to where the DID document is, but there's a verification check that the DID document points back, and this is automatically performed as a part of the resolution process.

DNSSEC would add additional security around DNS record changes, but not having it wouldn't allow someone to impersonate you, because your server would need to agree with that.
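
The two-way check described in the comment above, as an added example that is not part of the original thread or of any AT Protocol implementation. The `_atproto.<handle>` TXT name, the `did=` prefix and the `alsoKnownAs` entry follow the AT Protocol handle spec. The handles, DIDs, documents and the dicts standing in for DNS and DID resolution are constructed for illustration.

```python
# Added example on constructed data. The _atproto.<handle> record name, the
# "did=" TXT prefix and the alsoKnownAs "at://<handle>" entry follow the
# AT Protocol handle spec; every handle, DID and document here is made up.

def did_from_txt(txt_values):
    """Return the single DID claimed by the TXT records, else None."""
    dids = {v[len("did="):].strip() for v in txt_values if v.startswith("did=")}
    return dids.pop() if len(dids) == 1 else None  # none or conflicting: fail

def doc_points_back(did, did_doc, handle):
    """True only if the document is for this DID and lists the handle."""
    if did_doc.get("id") != did:
        return False
    want = "at://" + handle.lower()
    return any(a.lower() == want for a in did_doc.get("alsoKnownAs", []))

def verify_handle(handle, dns, did_docs):
    """dns / did_docs are dicts standing in for DNS lookup and DID resolution."""
    did = did_from_txt(dns.get("_atproto." + handle.lower(), []))
    doc = did_docs.get(did) if did else None
    if doc is None or not doc_points_back(did, doc, handle):
        return None
    return did

ALICE, OTHER = "did:plc:aliceexample0000", "did:plc:otherexample0000"
DID_DOCS = {
    ALICE: {"id": ALICE, "alsoKnownAs": ["at://alice.example"]},
    OTHER: {"id": OTHER, "alsoKnownAs": ["at://other.example"]},
}
DNS = {
    "_atproto.alice.example": ["did=" + ALICE],
    # A different domain pointing at Alice's DID: her document does not list it.
    "_atproto.notalice.example": ["did=" + ALICE],
    # Two records naming different DIDs.
    "_atproto.split.example": ["did=" + ALICE, "did=" + OTHER],
}

if __name__ == "__main__":
    for h in ("alice.example", "notalice.example", "split.example", "missing.example"):
        print(h, "->", verify_handle(h, DNS, DID_DOCS))
```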



Is there any reading material on the private-key recovery bits? I want to learn how AT manages failure scenarios, especially around key-loss.


The private key is normally stored on your PDS (hosting). See https://www.da.vidbuchanan.co.uk/blog/adversarial-pds-migrat... for how to be prepared for adversarial migration.



