A standard for nominating security contact points & policies via DNS TXT records — discoverable before a researcher even loads your site.
Part of the disclose.io Project — the open, vendor-neutral infrastructure for vulnerability disclosure. Browse the ecosystem →
A standard allowing organizations to nominate security contact points and policies via DNS TXT records.
This proposal was first made public on March 25, 2021 and is currently a draft. We welcome comments and feedback! To make suggestions please submit a PR via Github or submit a ticket. Thanks for your interest!
The proposed Standards Track Internet-Draft is maintained in ietf/:
The draft makes _security.<domain> the normative owner name, requires an RFC 3339 security_expires timestamp, and requests registration of the _security TXT node name under RFC 8552.
Find us on Twitter: https://twitter.com/dnssecuritytxt.
Created with <3 by John Carroll and Casey Ellis for The disclose.io Project.
