A Let's Encrypt cert doesn't validate anyone's identity other than confirm the controller of a domain's nameserver has control over the web server.
Yes, this is what I am talking about. No more, no less.
There are websites of "important people" out there who we already assume to be "real" or "verified".
Putting a public key on these sites and having a signed message on here is all I am talking about.
Essentially, you would just take your reputation from these websites instantly with you to SN.
Thanks for the explanation about EV certificates. Didn't know they exist!
There is something called DANE SMIMEA which is similar to your proposal and something @k00b could use to verify "orange checks" that ties a domain to an email address and public key if he thinks it's worthwhile.
The DANE SMIMEA standard was adopted as RFC 8162 in 2017.
I haven't found a simple way of generating a dns record. gpg --export-options export-dane email@address.tld is one way, but I can't get nsupdate to accept that format.
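An added example, not part of any comment in this thread: building the SMIMEA record that RFC 8162 describes directly from an email address and DER bytes, without going through gpg. The function names, the address `abc@example.com`, and the stand-in byte string are constructed for illustration; in practice `der` is the DER-encoded certificate (selector 0) or its SubjectPublicKeyInfo (selector 1).

```python
import hashlib
import unicodedata

SMIMEA_TYPE = 53  # IANA RR type number assigned to SMIMEA


def smimea_owner_name(email: str) -> str:
    """Owner name per RFC 8162: hex of SHA-256(local-part) truncated to
    28 octets, then the _smimecert label, then the mail domain."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected local-part@domain")
    local_nfc = unicodedata.normalize("NFC", local).encode("utf-8")
    label = hashlib.sha256(local_nfc).digest()[:28].hex()
    return f"{label}._smimecert.{domain.rstrip('.')}."


def association_data(der: bytes, matching_type: int) -> bytes:
    """Matching type 0 = exact bytes, 1 = SHA-256, 2 = SHA-512."""
    if matching_type == 0:
        return der
    if matching_type == 1:
        return hashlib.sha256(der).digest()
    if matching_type == 2:
        return hashlib.sha512(der).digest()
    raise ValueError("matching type must be 0, 1 or 2")


def _check(usage: int, selector: int) -> None:
    if usage not in (0, 1, 2, 3) or selector not in (0, 1):
        raise ValueError("usage must be 0-3 and selector 0 or 1")


def smimea_record(email, der, usage=3, selector=0, matching_type=1, ttl=3600):
    """Zone-file line using the SMIMEA mnemonic."""
    _check(usage, selector)
    data = association_data(der, matching_type)
    return (f"{smimea_owner_name(email)} {ttl} IN SMIMEA "
            f"{usage} {selector} {matching_type} {data.hex()}")


def smimea_record_generic(email, der, usage=3, selector=0, matching_type=1, ttl=3600):
    """Same record in RFC 3597 unknown-type syntax, for tooling that
    does not recognise the SMIMEA mnemonic."""
    _check(usage, selector)
    rdata = bytes([usage, selector, matching_type]) + association_data(der, matching_type)
    return (f"{smimea_owner_name(email)} {ttl} IN TYPE{SMIMEA_TYPE} "
            f"\\# {len(rdata)} {rdata.hex()}")
```

A verifier performs the same owner-name derivation from the claimed email address, queries that name over DNSSEC, and compares the association data with the certificate that accompanies the signed message.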