Hi Edward,

Thanks for your message.

> > On Dec 9, 2015, at 3:25 PM, Hosnieh Rafiee <i...@rozanak.com> wrote:
> HR> I would like to suggest the following format (this is the rough version
> HR> and it is not exact but only giving you an idea that what is the
> HR> purpose) for a new resource record to store the reference information
> HR> of bounding of authentication and authorization where authentication
> HR> can be based on public keys or certificates.
>
> First, read "Domain Name System (DNS) IANA Considerations", RFC 6895.
> (http://tools.ietf.org/html/rfc6895) That lays out the process of getting
> a new Resource Record assigned.

Ok

> Second, from the quick description, I don't quite understand what you want
> to solve. Not complaining, but in preparing to ask for a new type, the
> use case might need to be clearer.

Authentication and authorization in a multi-tenancy environment where it is based on certificates and TLS and not giving direct access to resource policy that belongs to the owner of infrastructure, while at the same time giving flexibility to each tenant to delegate all or a part of its resources to a third party.

> HR> Is DNSOP a right place for that? I asked DANE and they said it
> HR> is not in their charter.
>
> I don't know what you asked the DANE WG. But if it was to add a new DNS
> RR type, they certainly would not be the best place. DNSOP WG doesn't
> make decisions on new types (see the RFC for that), but you might get
> useful advice on this list.

I actually asked on the mailing list whether their charter is open to having the bounding of authentication and authorization there, since the purpose would also be to use DANE. But what I heard (in private message exchanges) is that they do not want to recharter to consider this. If I misunderstood, then perhaps the chair of DANE can speak out and correct me.

>
> I don't understand it. But don't reuse TXT or HINFO or anything just
> because it would seem convenient. Consult the RFC for the process.

Ok, you are the second person who does not recommend using TXT. I think also, according to the processes I need for DDNS, there needs to be a bit more restriction. For querying I think it will address the needs, but for processes during updating that, there need to be new processes defined, which means it is better, as you and others suggested, to think about another RR. I need to first take a look at the RFC you have submitted to see what I can do and how to introduce it.

I think I again bug the WG for more advice :)

Thanks again,
Best,
Hosnieh