And the primary way of identifying yourself is in fact DNS.
> I’ve been working on a solution to this
Your solution is almost identical to the BlueSky one: put a TXT record at _atproto.<domain> that resolves to a DID. The difference is that they mandate the DID spec and you do not. Which is totally fine! Just figured I'd let you know :)
Another key difference is that the _atproto TXT record is discoverable since it’s always at _atproto. Whereas the “verifiable identifier” I use isn’t discoverable because it’s hashed and used as a dns label.
The ultimate goal here would be for these records to be populated by domain registrars upon a domain being registered (with registrant’s permission obviously).
This could create a kind of fast lane for domain verification across providers like Google Ads, Facebook, Office365 and everyone else that requests DNS verification.
The worst thing is that hundreds of providers request domain verification TXTs at the zone apex:
dig target.com TXT