Thanks Ben! We will review shortly .. Shumon.
On Thu, Mar 20, 2025 at 2:56 PM Ben Schwartz <bem...@meta.com> wrote: > Hi Shumon, > > I actually do have specific text, which I proposed back in November! > Unfortunately, I missed that there were several great comments on the PR, > so it was stalled. > > I've revised the PR considerably to make the text shorter and clearer, in > keeping with the draft's style shift. > > > https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques/pull/160 > > --Ben Schwartz > ------------------------------ > *From:* Shumon Huque <shu...@gmail.com> > *Sent:* Wednesday, March 19, 2025 7:56 PM > *To:* Ben Schwartz <bem...@meta.com>; dnsop@ietf.org WG <dnsop@ietf.org> > *Subject:* Domain Control Validation vs Domain Based Authorization > > Ben (Schwartz), I wanted to follow-up on the point you raised at the mic > during dnsop while it is still fresh .. You wanted to make sure that the > draft clearly differentiates these 2 things. I agree with the examples you > cited about domain based > Ben (Schwartz), > > I wanted to follow-up on the point you raised at the mic during dnsop > while it is still fresh .. > > You wanted to make sure that the draft clearly differentiates these 2 > things. I agree with the examples you cited about domain based > authorization (e.g. MX records, and perhaps bluesky handles). > > I think though, that the DCV case sometimes may muddle these 2 things > together, so it may be harder to draw a clear cut distinction. For example, > when Atlassian wants to operate an instance of their application for > customer A using A's domain name, the random challenge token that they ask > A to install in their zone may serve the purpose of both validating control > of the domain and authorizing the deployment of an instance of their app > for that domain name. Arguably, the same could be said to be happening for > ACME certificate issuance. > > Do you have any specific text on this topic you want to propose for > inclusion in the draft? > > Shumon. > >
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
