Hi Shumon,

I actually do have specific text, which I proposed back in November!  
Unfortunately, I missed that there were several great comments on the PR, so it 
was stalled.

I've revised the PR considerably to make the text shorter and clearer, in 
keeping with the draft's style shift.

https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques/pull/160

--Ben Schwartz
________________________________
From: Shumon Huque <shu...@gmail.com>
Sent: Wednesday, March 19, 2025 7:56 PM
To: Ben Schwartz <bem...@meta.com>; dnsop@ietf.org WG <dnsop@ietf.org>
Subject: Domain Control Validation vs Domain Based Authorization

Ben (Schwartz),

I wanted to follow up on the point you raised at the mic during dnsop while it 
is still fresh ..

You wanted to make sure that the draft clearly differentiates these 2 things. I 
agree with the examples you cited about domain-based authorization (e.g. MX 
records, and perhaps Bluesky handles).

I think, though, that the DCV case sometimes may muddle these 2 things together, 
so it may be harder to draw a clear-cut distinction. For example, when 
Atlassian wants to operate an instance of their application for customer A 
using A's domain name, the random challenge token that they ask A to install in 
their zone may serve the purpose of both validating control of the domain and 
authorizing the deployment of an instance of their app for that domain name. 
Arguably, the same could be said to be happening for ACME certificate issuance.

Do you have any specific text on this topic you want to propose for inclusion 
in the draft?

Shumon.

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
