This repository has been archived by the owner on Nov 14, 2018. It is now read-only.

Create domain verification module #4

Open
1 of 2 tasks
groovecoder opened this issue Jan 28, 2016 · 4 comments

Comments

@groovecoder
Collaborator

Need details, but probably some things like Google Webmaster Tools verification. I.e.,

@groovecoder
Collaborator Author

Note: we may also be able to use ACME protocol like letsencrypt.

@groovecoder groovecoder self-assigned this Feb 1, 2016
@groovecoder
Collaborator Author

ACME protocol allows identifier/domain validation via DNS TXT or "simpleHttp" server resource provisioning.

However, the value of ACME is the automation of the validation between (e.g., letsencrypt) client and (e.g., letsencrypt) server. Unlike letsencrypt, we will not have - nor require - a client running on the web server. We can implement similar DNS TXT and simpleHttp domain validation, but since we're not able to automate it, there's no reason for us to implement the ACME protocol - i.e., /.well-known/acme-challenge/{token} resources or _acme-challenge.example.com TXT records.

It may be possible to dovetail with ACME-based CA servers for domain verification if there's a (public?) Identifier Authorization API endpoint. But that's too much work for the first version.

I propose for the MVP we support domain validation via:

  • "simpleHttp" - provision a resource with address and contents pre-determined by push dashboard server ("The contents MUST have at least 128 bits of entropy, in order to prevent an attacker from guessing it. It MUST NOT contain any characters outside the URL-safe Base64 alphabet.")
  • DNS TXT record - provision a TXT record with a value pre-determined by push dashboard server.

@jvehent

jvehent commented Feb 1, 2016

These two options seem reasonable to me.
Are you planning on rechecking those values over time in case ownership of a domain changes?

@groovecoder
Collaborator Author

Yes, we should.
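
The two validation methods proposed above, together with the periodic recheck raised in the follow-up, sketched as an added example that is not code from this thread or from the project. `fetch_http` and `fetch_txt` are hypothetical injected callables standing in for the HTTP GET of the provisioned resource and the DNS TXT lookup, and the seven-day recheck interval is an assumption.

```python
import hmac
import re
import secrets
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,}")  # URL-safe Base64 alphabet only
RECHECK_SECONDS = 7 * 24 * 3600  # assumed interval, not specified in the thread


def new_token() -> str:
    # 16 random bytes = 128 bits of entropy, encoded as 22 URL-safe characters.
    return secrets.token_urlsafe(16)


@dataclass
class DomainClaim:
    domain: str
    token: str
    verified_at: Optional[float] = None  # None means not (or no longer) verified


def _matches(expected: str, candidate: str) -> bool:
    candidate = candidate.strip()
    if not TOKEN_RE.fullmatch(candidate):
        return False  # reject anything outside the token alphabet up front
    return hmac.compare_digest(expected.encode(), candidate.encode())


def check_claim(
    claim: DomainClaim,
    now: float,
    fetch_http: Callable[[str], Optional[str]],
    fetch_txt: Callable[[str], Iterable[str]],
) -> bool:
    """Verify or re-verify a claim; a failed check revokes verification."""
    body = fetch_http(claim.domain)
    ok = body is not None and _matches(claim.token, body)
    if not ok:
        ok = any(_matches(claim.token, value) for value in fetch_txt(claim.domain))
    claim.verified_at = now if ok else None
    return ok


def needs_recheck(claim: DomainClaim, now: float) -> bool:
    return claim.verified_at is None or now - claim.verified_at >= RECHECK_SECONDS
```

A real `fetch_http` should refuse redirects to other hosts and cap the response size before handing the body to `check_claim`.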
