Abstract: An example method includes obtaining a first public key associated with a private key of an application vendor of an application package signed with the private key. The first public key includes metadata including an identifier of the first public key. The method also includes transforming, via a processing device, the identifier into a Domain Name System (DNS) name, sending the DNS name to a DNS server to determine that the DNS name corresponds to a trustworthy source, in response to receiving, from the DNS server, a second public key associated with the DNS name in a DNS data store, confirming that the DNS name corresponds to the trustworthy source, and determining whether the second public key matches the first public key to verify whether the first public key and the associated private key used to sign the application package are authentic.

Abstract: An example method includes obtaining a first public key associated with a private key of an application vendor of an application package signed with the private key. The first public key includes metadata including an identifier of the first public key. The method also includes transforming, via a processing device, the identifier into a Domain Name System (DNS) name, sending the DNS name to a DNS server to determine that the DNS name corresponds to a trustworthy source, in response to receiving, from the DNS server, a second public key associated with the DNS name in a DNS data store, confirming that the DNS name corresponds to the trustworthy source, and determining whether the second public key matches the first public key to verify whether the first public key and the associated private key used to sign the application package are authentic.

Abstract: A method relates to generating, by a processing device executing a DNS resolver, a first domain name system (DNS) query comprising a DNS request generated from an application executing on the processing device to query a first DNS server serving a first DNS zone connected to the processing device via a public network, receiving, from the first DNS server, a first resource record comprising a DNS answer to the DNS query, a second resource record comprising a digital signature generated by signing the DNS answer with a first private key of the first DNS zone, a third resource record comprising a first public key for verifying the digital signature, and one or more files for validating a chain of trust of the first public key, determining, by the processing device in view of the one or more files, that the chain of trust of the first public key misses at least one of a trust anchor or a link in the chain of trust, and generating a second DNS query comprising the DNS request to query a second DNS server residing

Abstract: A method relates to generating, by a processing device executing a DNS resolver, a first domain name system (DNS) query comprising a DNS request generated from an application executing on the processing device to query a first DNS server serving a first DNS zone connected to the processing device via a public network, receiving, from the first DNS server, a first resource record comprising a DNS answer to the DNS query, a second resource record comprising a digital signature generated by signing the DNS answer with a first private key of the first DNS zone, a third resource record comprising a first public key for verifying the digital signature, and one or more files for validating a chain of trust of the first public key, determining, by the processing device in view of the one or more files, that the chain of trust of the first public key misses at least one of a trust anchor or a link in the chain of trust, and generating a second DNS query comprising the DNS request to query a second DNS server residing