I think this draft should offer more background on the problem space, describing the situations where these DCV patterns are appropriate or inappropriate. In particular, I would like to see text clearly distinguishing two patterns:
1. "Domain Control Validation" -> Prove that the owner of this account controls this DNS name (by placing a random token in an ephemeral TXT record).
2. "Domain Account Authorization" -> Prove that the owner of the DNS name authorizes this account (by placing the account name in a persistent TXT record).

I would like to see guidance on how to choose between these two approaches. Or are they really the same approach, distinguished by authorizing ephemeral accounts vs. persistent ones?

Resolving this distinction would help to harmonize this draft with https://datatracker.ietf.org/doc/draft-sheth-dns-integration/

--Ben

________________________________
From: Tim Wicinski <tjw.i...@gmail.com>
Sent: Monday, October 21, 2024 11:18 PM
To: dnsop <dnsop@ietf.org>
Subject: [DNSOP] Fwd: New Version Notification - draft-ietf-dnsop-domain-verification-techniques-06.txt

All

After much badgering, the authors have updated this document, addressing very useful comments from Duane Wessels (thank you!) and useful and poignant comments from Benjamin Kaduk's secdir review (still work through those). There is one outstanding issue which will be on the agenda in Monday's session. I urge all to at least read the diffs.
thanks
tim

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Mon, Oct 21, 2024 at 4:57 PM
Subject: New Version Notification - draft-ietf-dnsop-domain-verification-techniques-06.txt
To: <tjw.i...@gmail.com>

A new version (-06) has been submitted for draft-ietf-dnsop-domain-verification-techniques:
https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-06.txt
https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-06.html

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/

Diff from previous version:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-domain-verification-techniques-06

IETF Secretariat.