On 6/14/19 3:13 PM, Dr Eberhard W Lisse wrote: > Would (GPG encrypted) email to the registered address to the authority > not be sufficient? That would make sure the recipient is authorized and > must then cause the token to be 'delegated' as the second factor.
What GPG key? Sounds OK to me, *assuming* that "someone standardizes" how to determine whether a GPG key has authority to decide such things. AFAIK the usual GPG trust approach is fully decentralized, so it will generally give different results to different observers, which is probably not desirable *here*. I don't expect you meant to suggest e.g. somehow using a KSK for signing an e-mail? > If there was a secure* channel between the TLD registry and IANA The original question isn't about a channel towards IANA, as far as I understand it, but towards public, i.e. a signature that anyone should be able to verify.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
