> On 14 Jun 2019, at 14:13, Dr Eberhard W Lisse <e...@lisse.na> wrote:
>
> Would (GPG encrypted) email to the registered address to the authority
> not be sufficient? That would make sure the recipient is authorized and
> must then cause the token to be 'delegated' as the second factor.

If there was a secure* channel between the TLD registry and IANA like the GPG email you suggested, there wouldn’t really be a need to insert and check for some token in the TLD zone. Though as you say, that measure might be a useful way of adding 2FA.

* For some definition of secure.

In any case, I’m not sure this list is the right place to define or develop a solution for this issue. We probably don’t have a complete understanding of the problem space or the details of how IANA and TLD registries/SOs communicate with each other, what the requirements are, etc, etc.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop