Paul,

On Fri, Feb 15, 2019 at 7:47 PM Paul Wouters <p...@nohats.ca> wrote:

> I think this document should be Experimental and not Standards Track?

I was torn when I did the first revision of this. I think it depends on the stability of Decentralized Identifiers themselves. Once that schema becomes widely used, I think any protocol that connects the DNS and DIDs should be Standards Track. But I leave that up to "higher forces" as soon as I find a suitable "home WG" for that.

> The reference to 7929 should be normative, not informative, since
> you actually need to read a section of 7929 to implement this document.

Agreed. I've considered replacing the "instruction diff" to OpenPGP with a full description in the document itself. The idea to use that scheme in email came in quite late before I wrote -00, so that section also reflects some laziness. With the "two label" hierarchy introduced in -01, I think a full description would be better anyway. Will do so in -02. Which, in turn, would allow the 7929 reference to stay informative.

> I'm not sure if one should use _did.example.com for host names and
> _mailto._did.example.com for email addresses. I would keep that at
> the same level, eg:
>
> _hostname._did.example.com
> _mailto._did.example.com

I'd love to have a discussion about the semantics of both options at some point. Maybe we can do a short meeting during IETF104? I know there are many ways to do that, and personally I'm not sure which way would be the "right" one.

> This technically also allows one to separate the two DNS zones more
> clearly (and could even be managed by a different group)

Yep, introduces a zone cut. Then again, I'm not sure what (if we introduce that schema above) the semantics of a record right under _did would be. Or would that be disallowed?

> I'm really on the fence for this document. On the one hand, it is good
> to have a memorable decentralized identifier, but on the other hand if
> you rely on DNS (and DNSSEC), is this identifier really still
> decentralised in the "we don't trust the USG or Verisign" way ?

The identifier is still fully decentralized; the method of discovery probably not. I've also heard that from folks from the Self Sovereign Identity community... However, they are seeking ways for people to discover DIDs. Commonly used are QR codes, but everyone is aware that replacing the QR code on an ATM machine would create an easy form of "real world" phishing, so other methods of discovery are definitely worth investigating.

> I guess if you interpret it as a migration strategy away from DNS, it is okay.

Note that we could also create a "full loop" of verification. The DID document published behind a DID could include a link back to the domain name. I've not investigated that further, though, but it's an interesting area.

So, would you be interested to discuss this in Prague?

best,
Alex

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
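The two owner-name layouts debated above (host DIDs at _did.<domain> versus _hostname._did.<domain>, email DIDs under _mailto._did.<domain>) and the "full loop" check Alex mentions, worked through as an added example. This is not code from the draft or from anyone in the thread. It assumes that the email mapping reuses RFC 7929 Section 3's local-part hashing (SHA2-256, truncated to 28 octets, hexadecimal), which is what the "instruction diff to OpenPGP" implies but the draft text is not on this page; that the DID is carried in a TXT record at the owner name; and that the DID document's link back to the domain is a hypothetical "alsoKnownAs" list, a name chosen for illustration only. The DID document is passed in rather than fetched so the example runs offline; the sample TXT value and document are constructed.

```python
import hashlib
import json

# Added example (not the draft's or the thread's own code). Assumptions:
#  - the email mapping reuses the RFC 7929 Section 3 local-part hashing
#    (SHA2-256, truncated to 28 octets, hexadecimal); the _mailto/_hostname
#    label placement follows the layouts quoted in the thread;
#  - the DID is carried in a TXT record at the owner name;
#  - the DID document's "link back to the domain name" is modelled as a
#    hypothetical "alsoKnownAs" list; the draft defines no such field here.

DID_LABEL = "_did"


def rfc7929_local_part_hash(local_part: str) -> str:
    """RFC 7929 Section 3 style hashing of the local-part: SHA2-256 over the
    UTF-8 bytes, truncated to 28 octets (56 hex digits). No case folding is
    applied here; RFC 7929 leaves that decision to the implementation."""
    return hashlib.sha256(local_part.encode("utf-8")).hexdigest()[:56]


def owner_name(identifier: str, scheme: str = "flat") -> str:
    """Build the DNS owner name to query for a DID.

    scheme="flat"    : host DID at _did.<domain> (the -01 layout Paul quotes)
    scheme="sibling" : host DID at _hostname._did.<domain> (Paul's proposal)
    Email addresses go under <hash>._mailto._did.<domain> in both schemes.
    """
    if "@" in identifier:
        local_part, domain = identifier.rsplit("@", 1)
        return f"{rfc7929_local_part_hash(local_part)}._mailto.{DID_LABEL}.{domain}"
    if scheme == "flat":
        return f"{DID_LABEL}.{identifier}"
    if scheme == "sibling":
        return f"_hostname.{DID_LABEL}.{identifier}"
    raise ValueError(f"unknown scheme: {scheme}")


def verify_full_loop(identifier: str, txt_rdata: str, did_document) -> bool:
    """The "full loop": DNS owner name -> TXT -> DID (forward), then
    DID document -> identifier (backward). Both directions must agree.
    did_document may be a JSON string or an already-parsed dict."""
    did = txt_rdata.strip().strip('"')
    doc = json.loads(did_document) if isinstance(did_document, str) else did_document
    if doc.get("id") != did:
        return False  # the document is not the one the DNS record points at
    # Hypothetical back-link field; the draft defines no such property.
    return identifier in doc.get("alsoKnownAs", [])


# Constructed sample data (not a real zone or a real DID document).
SAMPLE_TXT = '"did:example:123456789abcdefghi"'
SAMPLE_DID_DOCUMENT = json.dumps({
    "id": "did:example:123456789abcdefghi",
    "alsoKnownAs": ["example.com", "hugh@example.com"],
})

if __name__ == "__main__":
    for ident in ("example.com", "hugh@example.com"):
        for scheme in ("flat", "sibling"):
            print(f"{ident:18} {scheme:8} -> {owner_name(ident, scheme)}")
    print("full loop:", verify_full_loop("example.com", SAMPLE_TXT, SAMPLE_DID_DOCUMENT))
```

With the "sibling" layout every DID record sits below _did.<domain>, so that name can be delegated as its own zone; with the "flat" layout _did.<domain> both holds the host's record and is the parent of the _mailto subtree, which is exactly the "record right under _did" ambiguity raised in the reply. The loop check rejects a DID document whose id does not match the DNS-published DID, and a document that does not list the queried name, so a hijacked TXT record alone is not enough to pass.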