Skip to main content

Leveraging DNS in Digital Trust: Credential Exchanges and Trust Registries

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Active".
Expired & archived
Authors Jesse Carter , Jacques Latour , Mathieu Glaude
Last updated 2023-10-07 (Latest revision 2023-04-05)
RFC stream (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This memo describes an architecture for digital credential verification and validation using Decentralized Identifiers (DIDs), distributed ledgers, trust registries, and the DNS. This architecture provides a verifier with a simple process by which to cryptographically verify the credential they are being presented with, verify and resolve the issuer of that credential to a domain, and verify that issuer's membership in a trust registry.


Jesse Carter
Jacques Latour
Mathieu Glaude

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)