Verifying the Address Resolver Document
Assuming a DARP compliant application can verify Address Name ownership (see next section) and therefore trusts that the correct DID and service endpoint is being used, there may be scenarios where the integrity of the ARD can be compromised.
For example, if the Address Name owner is hosting their ARD through a third party, that third party may have the ability to modify it. To protect against this the ARD is cryptographically signed using the keys associated with the corresponding DID, something only the DID owner can do. Whenever a change is made to the ARD, the associated DID Document is also updated to include a hash of the ARD.
These features allow a DARP compliant application to not only ensure the ARD hasn't been tampered with, but also ensure it is the correct version.