Ben (Schwartz), I wanted to follow-up on the point you raised at the mic during dnsop while it is still fresh ..
You wanted to make sure that the draft clearly differentiates these 2 things. I agree with the examples you cited about domain based authorization (e.g. MX records, and perhaps bluesky handles). I think though, that the DCV case sometimes may muddle these 2 things together, so it may be harder to draw a clear cut distinction. For example, when Atlassian wants to operate an instance of their application for customer A using A's domain name, the random challenge token that they ask A to install in their zone may serve the purpose of both validating control of the domain and authorizing the deployment of an instance of their app for that domain name. Arguably, the same could be said to be happening for ACME certificate issuance. Do you have any specific text on this topic you want to propose for inclusion in the draft? Shumon.
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
