Tim, yes, I agree we should be more precise about this term. The draft covers the case of "account specific" DCV - here we are talking about accounts at the application service provider that the domain owner owns, and the domain owner wants to assert that individual accounts are to be verified as having control over the domain (with distinct account specific DVC challenges).
Shumon. On Wed, Oct 23, 2024 at 5:55 PM Tim Wicinski <tjw.i...@gmail.com> wrote: > Ben > > I think we need to be careful when we say "account" in these situations - > whose account ? domain owner, service owners, etc. > It is an overly overloaded term. > > On Tue, Oct 22, 2024 at 9:58 AM Ben Schwartz <bem...@meta.com> wrote: > >> I think this draft should offer more background on the problem space, >> describing the situations where these DCV patterns are appropriate or >> inappropriate. In particular, I would like to see text clearly >> distinguishing two patterns: >> >> 1. "Domain Control Validation" -> Prove that the owner of this account >> controls this DNS name (by placing a random token in an ephemeral TXT >> record). >> > > > 2. "Domain Account Authorization" -> Prove that the owner of the DNS name >> authorizes this account (by placing the account name in a persistent TXT >> record). >> > > > >> I would like to see guidance on how to choose between these two >> approaches. Or are they really the same approach, distinguished by >> authorizing ephemeral accounts vs. persistent ones? >> >> > I think part of this answer is based on what the owner of the service > requesting the DNS authorizing is requesting is it not? > > > tim > > > > >> Resolving this distinction would help to harmonize this draft with >> https://datatracker.ietf.org/doc/draft-sheth-dns-integration/ >> >> --Ben >> ------------------------------ >> *From:* Tim Wicinski <tjw.i...@gmail.com> >> *Sent:* Monday, October 21, 2024 11:18 PM >> *To:* dnsop <dnsop@ietf.org> >> *Subject:* [DNSOP] Fwd: New Version Notification - >> draft-ietf-dnsop-domain-verification-techniques-06.txt >> >> All After much badgering, the authors have updated this document, >> addressing very useful comments from Duane Wessels (thank you!) and useful >> and poignant comments from Benjamin Kaduk's secdir review (still work >> through those). There is one >> All >> >> After much badgering, the authors have updated this document, addressing >> very useful comments from Duane Wessels (thank you!) and useful and >> poignant comments from Benjamin Kaduk's secdir review (still work through >> those). >> >> There is one outstanding issue which will be on the agenda in Monday's >> session. >> >> I urge all to at least read the diffs. >> >> thanks >> tim >> >> >> ---------- Forwarded message --------- >> From: <internet-dra...@ietf.org> >> Date: Mon, Oct 21, 2024 at 4:57 PM >> Subject: New Version Notification - >> draft-ietf-dnsop-domain-verification-techniques-06.txt >> To: <tjw.i...@gmail.com> >> >> >> >> A new version (-06) has been submitted for >> draft-ietf-dnsop-domain-verification-techniques: >> >> https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-06.txt >> <https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-06.txt__;!!Bt8RZUm9aw!4F3N6oJhwSkUlFkIIwVJeOm1aOi9yFCo7DDb84erI6z34GLDd4Fx8pcM4XxoRCQ2UUGYm1HciEVl$> >> >> https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-06.html >> <https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-06.html__;!!Bt8RZUm9aw!4F3N6oJhwSkUlFkIIwVJeOm1aOi9yFCo7DDb84erI6z34GLDd4Fx8pcM4XxoRCQ2UUGYm0IDyzY9$> >> >> >> The IETF datatracker page for this Internet-Draft is: >> >> https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/ >> <https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/__;!!Bt8RZUm9aw!4F3N6oJhwSkUlFkIIwVJeOm1aOi9yFCo7DDb84erI6z34GLDd4Fx8pcM4XxoRCQ2UUGYm8fckrOW$> >> >> Diff from previous version: >> >> https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-domain-verification-techniques-06 >> <https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-domain-verification-techniques-06__;!!Bt8RZUm9aw!4F3N6oJhwSkUlFkIIwVJeOm1aOi9yFCo7DDb84erI6z34GLDd4Fx8pcM4XxoRCQ2UUGYm6JrDtUE$> >> >> IETF Secretariat. >> >> >> _______________________________________________ > DNSOP mailing list -- dnsop@ietf.org > To unsubscribe send an email to dnsop-le...@ietf.org >
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
