Secure connection status in browsers via DNSSEC validation

[RubenKelevra]

Is your feature request related to a problem? Please describe.

We currently show that any content loaded via DNSLink is insecure - which is true.

Describe the solution you'd like

It would be nice if we could check the DNSSEC signature for the DNSLink entry to make sure we load the right content before using it to load anything via IPFS.

When there's a DNSSEC signature and it's been verified we should inform the browser that the context is now secure - as we have verified that this is indeed the right content for the domain.

Alternatives

If we use plain text DNS requests and don't do any signature verification OR the domain has no DNSSEC information stored, we don't have any security for the content similar to a page that gets loaded over HTTP.

It would be nice if we could do at least secure DNS requests for any DNSLink request until DNSSEC validation has been added. But I think it's worth a discussion if we should upgrade the context to secure in the browser for this case. Maybe we could configure two endpoints for secure DNS requests and if both agree we upgrade the context - while showing that this verification was only done by secure DNS requests, not by validating the DNSSEC signature.

[jessicaschilling]

@RubenKelevra We'll talk about this in more detail in our next weekly triage - thanks for raising.

[lidel]

@RubenKelevra this a valid request, but is Brave-specific: Companion is unable to control those parts of browser UI.
Mind filling this issue again in https://github.com/brave/brave-browser/issues/ + mention me there so i can bump it in priority? 🙏 Thanks!