User Agent Connection Security (UACS)

A connection security proposal for websites and user agents

Read the proposed RFC!

Simply said

UACS is a connection security model implemented by website authors and user agent vendors.


Summary

The traditional website model for distributing information has been one of open resource connections. Website authors control how the resources they publish draw upon other resources. This model leaves end-users and administrators who require higher connection security to either trust the site author implicitly or profile a website and provide connection security through other means.

Establishing a trust model in which all connections are approved by both parties is an additional step toward assuring users and administrators that the website they are using is making author-verified connections to second- and third-parties. This proposed RFC covers an implementation for website authors to indicate a validation method of second- and third-party resources and a strict or compatible model for browser owners to enforce depending on their security requirements.


How Do I Implement This?

Create a DNS TXT entry for your domain following the format listed in the proposed RFC with every third-party connection separated by semicolons. There are options for those with more complicated hosting configurations.

The TXT line should begin with uacs=1; followed by an optional host= entry, which should be made by operators hosting multiple sites from a single domain name.

Following that, the remainder of the entries are your semicolon-separated third-party connections.
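
The record layout described above, as an added example that is not part of this page or the proposed RFC: a Python parser for the TXT value plus a check of a page's resource URLs against it. It assumes entries are bare hostnames matched exactly, that a record with a matching host= is preferred over one without, and that secure mode blocks unlisted hosts while compatible mode allows but reports them; all function names and sample values are constructed.

```python
# Added example: parse a UACS TXT value and check resource hosts against it.
# Assumptions (not on the page): bare hostnames, exact match, mode behaviour.
from urllib.parse import urlsplit


def parse_uacs(txt):
    """Return {'host': str|None, 'allowed': set}, or None if not a UACS record."""
    fields = [f.strip() for f in txt.split(";") if f.strip()]
    if not fields or fields[0].lower() != "uacs=1":
        return None                      # record must begin with uacs=1;
    host, rest = None, fields[1:]
    if rest and rest[0].lower().startswith("host="):
        host = rest[0][5:].strip().lower().rstrip(".")
        rest = rest[1:]
    allowed = set()
    for entry in rest:
        if "=" in entry or "/" in entry or " " in entry:
            raise ValueError(f"unexpected entry in UACS record: {entry!r}")
        allowed.add(entry.lower().rstrip("."))
    return {"host": host, "allowed": allowed}


def select_record(txt_values, site_host):
    """Prefer the record whose host= matches; fall back to one without host=."""
    records = [r for r in map(parse_uacs, txt_values) if r]
    for wanted in (site_host.lower().rstrip("."), None):
        for r in records:
            if r["host"] == wanted:
                return r
    return None


def check(record, site_host, resource_urls, mode="compatible"):
    """Classify each resource URL as 'allow', 'report' or 'block'."""
    site_host = site_host.lower().rstrip(".")
    result = {}
    for url in resource_urls:
        target = (urlsplit(url).hostname or "").rstrip(".")
        if target == site_host or target in record["allowed"]:
            result[url] = "allow"
        else:  # assumed semantics: secure blocks, compatible allows but flags
            result[url] = "block" if mode == "secure" else "report"
    return result


# Constructed sample record and page resources (not taken from the proposed RFC).
SAMPLE_TXT = "uacs=1; host=www.example.com; cdn.example.net; fonts.example.org;"
SAMPLE_URLS = ["https://www.example.com/app.js", "https://cdn.example.net/lib.js",
               "https://tracker.example.io/pixel.gif"]
```

Running check() in compatible mode over the URLs a page actually loads gives a site operator the list of hosts still missing from the record before user agents switch to secure enforcement.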


FAQ

  • Q: Do users have to make any changes?

    A: No, this is designed with default enforcement modes user agents should follow in order to ensure compatibility. Over time, user agent vendors should change the default enforcement mode from compatible to secure after website authors have implemented UACS.

  • Q: Why use DNS instead of a text file like robots.txt?

    A: DNS TXT records were chosen as a separate verifiable mechanism which lives outside of the web site infrastructure. If your server is compromised, an attacker has easier access to change a uacs.txt file.

  • Q: Can't I do this with Content Security Policy (CSP) headers?

    A: This security model lives in DNS records, therefore an attacker would need to compromise both the server architecture and the DNS records to load selected content from attacker-controlled resources.

  • Q: Isn't this similar to Sender Policy Framework (SPF) which is used for email security?

    A: Yes! Similarly, it is based on the authoritative premise that if you are who you say you are, you can control your DNS entries in addition to your website content. You can also think of this as a domain-bill-of-materials for website third-party connections.