Comment by steveklabnik

3 years ago

As said multiple times in this thread, the primary way of identifying yourself in this protocol is a TXT record in DNS.

The "primary" way doesn't really matter if a user checks their app and sees that it was verified.

Unless the UI makes it clear it was verified with "non-primary" methods so users can be cautious, any method of verification is essentially "primary" from the user POV.

  • Yes. It is a problem that this method has issues. They’ll be fixed. My point is, they did not ignore that case, they focused on it! This is just a bug in an additional method.