27 Dec
How to provide public key for security.txt?
When generating a security.txt file, it is recommended to digitally sign it.
However, security researchers must not assume that the information used in the Encryption field is actually the key used to sign the file.
So my question is: how should I indicate the location of/provide the public key such that researchers can verify the signature?
My research
- Read the documentation of the RFC standard
- Read the documentation of the security.txt guideline
- Searched the internet