Re: [DNSOP] I-D Action: draft-ietf-dnsop-domain-verification-techniques-02.txt

[John R Levine]

On Mon, 17 Jul 2023, Brian Dickson wrote:
The stuffed apex does not only include those tokens, e.g. SPF and friends,
which get queried A LOT.

I forgot about SPF.  Good point.

In the absence of the aforementioned draft, there is no specific guidance
that would lead ALL token issuers to use 20 character identifiers.

There's only several decades of practice and no reports of collisions, 
ever.  Remember that since it is common to publish multiple tokens for the 
same service, what everyone does is to look for the specific token they 
want and ignore everything else so even in the unlikely event that two 
people use the same tag, in practice it doesn't matter.  If you know a way 
to make 128 bit hash tokens collide, uh, some people would like to talk to 
you.

The collision argument is implausible, Just drop it and we can make the 
sensible point that you don't want to bulk up SPF responses.

R's,
John

PS: Here's that Cisco example again, sorted so you can see the multiple 
tokens per prefix.

cisco.com descriptive text "926723159-3188410"
cisco.com descriptive text "MS=ms35724259"
cisco.com descriptive text "QuoVadis=94d4ae74-ecd5-4a33-975e-a0d7f546c801"
cisco.com descriptive text "SFMC-o7HX74BQ79k7glpt_qjlF2vmZO9DpqLtYxKLwg87"
cisco.com descriptive text 
"\\200atlassian-domain-verification=blI4HshP3kJO1PV8nZFlncJ6TwVviYYxBNhkMi9wIa9DTxUjY4p1GO7O5SjiioyT"
cisco.com descriptive text 
"adobe-aem-verification=www-devint-cloud.cisco.com/24859/366173/9418f2a2-ef45-4788-9de9-91c7d19038b9"
cisco.com descriptive text 
"adobe-aem-verification=www-idev-cloud.cisco.com/24859/366204/1b990ef7-ff88-4938-bdd9-8458cc152f57"
cisco.com descriptive text 
"adobe-idp-site-verification=c900335b8b825859b51473b9943a3880ae795df47426483b0a67630377a902f5"
cisco.com descriptive text 
"amazonses:7LyiKZmpuGja4+KbA4xX3lN69yajYKLkHH4QJcWnuwo="
cisco.com descriptive text 
"amazonses:QbUv5pPHGQxRy1vKA0J7Y/biE9oR6MTxOTI1bZIfjsw="
cisco.com descriptive text 
"amazonses:mX+ylQj+fJAfh9pr03yIR7YvjKZ1bOo5ABegqM/5pvI="
cisco.com descriptive text "apple-domain-verification=qOInipPgso3W8cmK"
cisco.com descriptive text "asv=ac90e11808e87cfbf8768e69819b1aca"
cisco.com descriptive text 
"atlassian-domain-verification=2ldosmg0o2Mhpyok1OISaSGygWU9zk6fLLWdoczXtHap9luhaHA/pwEaj2Tk6ROK"
cisco.com descriptive text 
"atlassian-domain-verification=672RcADvt8BPqsb9gCN2ZC5DoTAhUT8abC1blYKQxi/MHMaGoA/BuvjFMaWRtgd7"
cisco.com descriptive text 
"atlassian-domain-verification=7JYRlY9ijBijTJ0YS5a8/58DU7OfKAHMYRufcy0TC57j2mNceH8rg4ajRzErc22Z"
cisco.com descriptive text 
"atlassian-domain-verification=AYTzL6wSVsW0IdyQp7gwv6lwtHdpMATnb8QriqyJ0niAaZct9kdSlXvfuE4GcoxU"
cisco.com descriptive text 
"atlassian-domain-verification=Gt2demeKDLmtNc9kPZhaAHFA37DEIcmFGUd6LARvB4yjLG70s3WZhaJJ15y499sb"
cisco.com descriptive text 
"atlassian-domain-verification=UwP1ncfiphlFs+wRx8wIBSXDScwNL7Jrw7tq2rnYz3+9T5+Md9eTDRgNPCikxtOx"
cisco.com descriptive text 
"c900335b8b825859b51473b9943a3880ae795df47426483b0a67630377a902f5"
cisco.com descriptive text 
"docker-verification=4c56633a-274e-4858-88a2-2aeceffcfd66"
cisco.com descriptive text "docusign=5e18de8e-36d0-4a8e-8e88-b7803423fa2f"
cisco.com descriptive text "docusign=95052c5f-a421-4594-9227-02ad2d86dfbe"
cisco.com descriptive text 
"duo_sso_verification=6Q7pJwSZ3damWHBcB8TNd9I5oduLRAFDDhip2pTFaa3QoIZtZnCgzjyZr5teSOWS"
cisco.com descriptive text 
"duo_sso_verification=AxenLdoqIXzjl2RJzE1BlOfkawDbDFlnbyvjAt8vcjKHBkvYwEMySDRk5QmBd66v"
cisco.com descriptive text 
"duo_sso_verification=IYdVUIrb2L95JVejSXV3hfsJVDZolQKKOPBztlD6TIgfCRSKeMuf8WgbQuFLD4aL"
cisco.com descriptive text 
"duo_sso_verification=pG21Oj5OPCxRPsWXsfbauWT9oua82cKtYUPAmsQvovKNq3xqWEcsEMEAhtXy8AFr"
cisco.com descriptive text 
"duo_sso_verification=sKMGaTln2vmQuKwaE4hKtTEY1UYn2JzAaxSZzGjkgJrKuZChN344mhIptyczoNBA"
cisco.com descriptive text 
"facebook-domain-verification=1zoxo8z7t013gpruxmhc8dkerq47vh"
cisco.com descriptive text 
"facebook-domain-verification=qr2nigspzrpa96j1nd9criovuuwino"
cisco.com descriptive text 
"fastly-domain-delegation-e9a758d22183504af2d5ab4d9a9853da-20210127"
cisco.com descriptive text 
"fastly-domain-delegation-im0VCGY5X0axEEmhXJb2-347911-20210310"
cisco.com descriptive text 
"fastly-domain-delegation-w049tcm0w48ds-341317-20210209"
cisco.com descriptive text 
"fastly-domain-delegation-z9slsbDdX0-368365-2021-05-14"
cisco.com descriptive text 
"google-site-verification=9MlQU9MMQ1jHLMUkONKe6QzZ-ZIGRv0BCD1_rY1Zdmc"
cisco.com descriptive text 
"google-site-verification=V3t2K3dvr9fcd1YWwwanSmebEOO_UNTP06HR2_gUO5M"
cisco.com descriptive text 
"google-site-verification=WmdDuSXl3PMb-48qcY6VUbW9kzNPe46zn9uDwgB2wX0"
cisco.com descriptive text 
"google-site-verification=lW5eqPMJI4VrLc28YW-JBkqA-FDNVnhFCXQVDvFqZTo"
cisco.com descriptive text 
"google-site-verification=qPS9ZkoQ-Og1rBrM1_N7z-tNJNy2BVxE8lw6SB2iFdk"
cisco.com descriptive text 
"google-site-verification=r-K1CIdXkgRWxZstUHtVyM2UfwflnGgr4AR9_Qhk28Q"
cisco.com descriptive text 
"h1-domain-verification=rix5vuxntVpma4rTL2DbE3FDrrPjedhnRaqaHvghyod3egmZ"
cisco.com descriptive text 
"identrust_validate=ZMG4IyVxNwmt3vKpPoFmxSuWW+4fMc/M4kCCnBaPUMYv"
cisco.com descriptive text 
"intercom-domain-validation=8806e2f9-7626-4d9e-ae4d-2d655028629a"
cisco.com descriptive text 
"mZvHszGlmDhvPOUKL+6JMiw/VtckyOMKjcw1PLcjYowxM2PVLX2xG0ZSgdHRm8HXfaaGR2pMvhIrBX1tX3aKRQ=="
cisco.com descriptive text 
"miro-verification=53bf5ccd47cb6239fe5cf14c3b328050dd5679ac"
cisco.com descriptive text 
"mixpanel-domain-verify=2c6cb1aa-a3fb-44b9-ad10-d6b744109963"
cisco.com descriptive text 
"notion-domain-verification=7sz4S3LLtNIHZpYsgTTgOcRLlLrJ5JrmIgVcdRtGi1X"
cisco.com descriptive text 
"onetrust-domain-verification=20345dd0c33946f299f14c1498b41f67"
cisco.com descriptive text 
"pendo-domain-verification=5995ba9c-9bf8-43d8-9e5a-309856760011"
cisco.com descriptive text 
"pendo-domain-verification=c9796502-c914-4e50-892d-e426f2ac68e9"
cisco.com descriptive text 
"pendo-domain-verification=c9d2fba1-7d94-4cf9-a6fb-310883c8bb15"
cisco.com descriptive text 
"sending_domain731003=25e34fadea88da7e64f0fab1e32d094f1f1e0fb2b97622deac2521f7a2c5b2bc"
cisco.com descriptive text 
"stripe-verification=217ec5836204d6fc0d236f5751724029c9b39530696e322a862b2f2f5fe75529"
cisco.com descriptive text "v=spf1 redirect=spfa._spf.cisco.com"
cisco.com descriptive text 
"wiz-domain-verification=af241e6396696eedf1b361891435f6b21bdebb5621941d99279298c076b5bf5f"
cisco.com descriptive text 
"workplace-domain-verification=Uhv7QPQ22nbuD3vG0jspf7R6LruYoS"

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop