Ben, I think we need to be careful when we say "account" in these situations - whose account? domain owner, service owners, etc. It is an overly overloaded term.

On Tue, Oct 22, 2024 at 9:58 AM Ben Schwartz <bem...@meta.com> wrote:

> I think this draft should offer more background on the problem space,
> describing the situations where these DCV patterns are appropriate or
> inappropriate. In particular, I would like to see text clearly
> distinguishing two patterns:
>
> 1. "Domain Control Validation" -> Prove that the owner of this account
> controls this DNS name (by placing a random token in an ephemeral TXT
> record).
> 2. "Domain Account Authorization" -> Prove that the owner of the DNS name
> authorizes this account (by placing the account name in a persistent TXT
> record).
>
> I would like to see guidance on how to choose between these two
> approaches. Or are they really the same approach, distinguished by
> authorizing ephemeral accounts vs. persistent ones?

I think part of this answer is based on what the owner of the service requesting the DNS authorizing is requesting is it not?

tim

> Resolving this distinction would help to harmonize this draft with
> https://datatracker.ietf.org/doc/draft-sheth-dns-integration/
>
> --Ben
> ------------------------------
> *From:* Tim Wicinski <tjw.i...@gmail.com>
> *Sent:* Monday, October 21, 2024 11:18 PM
> *To:* dnsop <dnsop@ietf.org>
> *Subject:* [DNSOP] Fwd: New Version Notification -
> draft-ietf-dnsop-domain-verification-techniques-06.txt
>
> All
>
> After much badgering, the authors have updated this document, addressing
> very useful comments from Duane Wessels (thank you!) and useful and
> poignant comments from Benjamin Kaduk's secdir review (still work through
> those).
>
> There is one outstanding issue which will be on the agenda in Monday's
> session.
>
> I urge all to at least read the diffs.
>
> thanks
> tim
>
> ---------- Forwarded message ---------
> From: <internet-dra...@ietf.org>
> Date: Mon, Oct 21, 2024 at 4:57 PM
> Subject: New Version Notification -
> draft-ietf-dnsop-domain-verification-techniques-06.txt
> To: <tjw.i...@gmail.com>
>
> A new version (-06) has been submitted for
> draft-ietf-dnsop-domain-verification-techniques:
>
> https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-06.txt
> https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-06.html
>
> The IETF datatracker page for this Internet-Draft is:
>
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/
>
> Diff from previous version:
>
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-domain-verification-techniques-06
>
> IETF Secretariat.