Re: [DNSOP] Verifying TLD operator authorisation

2019-06-24 Thread Vittorio Bertola
On 20 June 2019 at 00:28 Nick Johnson wrote: I think I addressed this upthread: If someone has the ability to change a zone's DNS records and generate valid DNSSEC signatures for them (which we will be requiring and verifying), t

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-21 Thread Matthew Pounsett
On Sat, 15 Jun 2019 at 19:36, Nick Johnson wrote: > On Sat, Jun 15, 2019 at 2:21 AM Stephane Bortzmeyer > wrote: > >> On Fri, Jun 14, 2019 at 02:38:11PM +1200, >> Nick Johnson wrote >> a message of 173 lines which said: >> >> > Indeed - it's my understanding that ICANN forbids publishing any

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-21 Thread Tim Wicinski
If y'all care what gets published in a TLD, please take a look at https://datatracker.ietf.org/doc/draft-ietf-dmarc-psd/ which is an experimental draft that will go into WGLC last call soon. This was driven by wanting to add _dmarc records into TLDs, per ICANN rules it needs to be an RFC. Tim (Mu

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-19 Thread Mark Andrews
> On 20 Jun 2019, at 8:45 am, Joe Abley wrote: > > On 19 Jun 2019, at 18:28, Nick Johnson > wrote: > >> On Tue, Jun 18, 2019 at 10:15 PM Bjarni Rúnar Einarsson >> wrote: >> The SOA record for a TLD contains two DNS names which should be >> under the control of the NIC: that of the primary

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-19 Thread Joe Abley
On 19 Jun 2019, at 18:28, Nick Johnson wrote: > On Tue, Jun 18, 2019 at 10:15 PM Bjarni Rúnar Einarsson > wrote: > The SOA record for a TLD contains two DNS names which should be > under the control of the NIC: that of the primary master > nameserver, and the e-mail of the

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-19 Thread Nick Johnson
On Tue, Jun 18, 2019 at 10:15 PM Bjarni Rúnar Einarsson wrote: > The SOA record for a TLD contains two DNS names which should be > under the control of the NIC: that of the primary master > nameserver, and the e-mail of the responsible administrator > (which includes a domain name). > This seems

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-18 Thread Jim Reid
> On 18 Jun 2019, at 14:56, Shane Kerr wrote: > >> Being able to control a zone’s SOA record (or whatever) means just that. No >> more, no less. It doesn’t mean someone who has that ability also has the >> authority to change the zone’s delegation even though they can manipulate >> the zone

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-18 Thread Shane Kerr
Jim, On 18/06/2019 13.27, Jim Reid wrote: On 18 Jun 2019, at 11:13, Bjarni Rúnar Einarsson wrote: The SOA record for a TLD contains two DNS names which should be under the control of the NIC ... People on this list can probably comment on whether my above assumption is correct, and whether

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-18 Thread Jim Reid
> On 18 Jun 2019, at 11:13, Bjarni Rúnar Einarsson wrote: > > The SOA record for a TLD contains two DNS names which should be > under the control of the NIC ... > People on this list can probably comment on whether my above > assumption is correct, and whether those are good candidates for > wh

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-18 Thread Bjarni Rúnar Einarsson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Nick, everyone, Nick Johnson wrote: > I'm working on a system that needs to authenticate a TLD > owner/operator in order to take specific actions. We had > intended to handle this by requiring them to publish a token in > a TXT record under a su

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-15 Thread Nick Johnson
On Fri, Jun 14, 2019 at 7:12 PM Shane Kerr wrote: > Nick, > > On 14/06/2019 04.18, Nick Johnson wrote: > > I'm working on a system that needs to authenticate a TLD owner/operator > > in order to take specific actions. We had intended to handle this by > > requiring them to publish a token in a TX

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Vladimír Čunát
On 6/14/19 3:13 PM, Dr Eberhard W Lisse wrote: > Would (GPG encrypted) email to the registered address to the authority > not be sufficient? That would make sure the recipient is authorized and > must then cause the token to be 'delegated' as the second factor. What GPG key?  Sounds OK to me, *as

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Jim Reid
> On 14 Jun 2019, at 14:13, Dr Eberhard W Lisse wrote: > > Would (GPG encrypted) email to the registered address to the authority > not be sufficient? That would make sure the recipient is authorized and > must then cause the token to be 'delegated' as the second factor. If there was a secure

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Dr Eberhard W Lisse
Would (GPG encrypted) email to the registered address to the authority not be sufficient? That would make sure the recipient is authorized and must then cause the token to be 'delegated' as the second factor. Greetings, el On 2019-06-14 14:40 , Jim Reid wrote: > > >> On 14 Jun 2019, at 03:18,

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Jim Reid
> On 14 Jun 2019, at 03:18, Nick Johnson > wrote: > > I'm working on a system that needs to authenticate a TLD owner/operator in > order to take specific actions. We had intended to handle this by requiring > them to publish a token in a TXT record This assumes someone who is able to update

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Shane Kerr
Nick, On 14/06/2019 04.18, Nick Johnson wrote: I'm working on a system that needs to authenticate a TLD owner/operator in order to take specific actions. We had intended to handle this by requiring them to publish a token in a TXT record under a subdomain of nic.tld, but it's been brought to o

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-13 Thread Nick Johnson
On Fri, Jun 14, 2019 at 3:02 PM Rubens Kuhl wrote: > > > On 13 Jun 2019, at 23:56, Nick Johnson wrote: > > On Fri, Jun 14, 2019 at 2:51 PM Rubens Kuhl wrote: > >> >> >> On 13 Jun 2019, at 23:18, Nick Johnson < >> nick=40ethereum@dmarc.ietf.org> wrote: >> >> I'm working on a system that need

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-13 Thread Rubens Kuhl
> On 13 Jun 2019, at 23:56, Nick Johnson wrote: > > On Fri, Jun 14, 2019 at 2:51 PM Rubens Kuhl > wrote: > > >> On 13 Jun 2019, at 23:18, Nick Johnson > > wrote: >> >> I'm working on a system that needs to authenticate a TLD

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-13 Thread Nick Johnson
On Fri, Jun 14, 2019 at 2:51 PM Rubens Kuhl wrote: > > > On 13 Jun 2019, at 23:18, Nick Johnson > wrote: > > I'm working on a system that needs to authenticate a TLD owner/operator in > order to take specific actions. We had intended to handle this by requiring > them to publish a token in a TXT

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-13 Thread Rubens Kuhl
> On 13 Jun 2019, at 23:18, Nick Johnson > wrote: > > I'm working on a system that needs to authenticate a TLD owner/operator in > order to take specific actions. We had intended to handle this by requiring > them to publish a token in a TXT record under a subdomain of nic.tld, but > it's b

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-13 Thread Nick Johnson
On Fri, Jun 14, 2019 at 2:30 PM Joe Abley wrote: > On Jun 13, 2019, at 22:18, Nick Johnson > wrote: > > > I'm working on a system that needs to authenticate a TLD owner/operator > in order to take specific actions. > > Can you give an example of the actions? > We build and maintain ENS, a namin

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-13 Thread Joe Abley
On Jun 13, 2019, at 22:18, Nick Johnson wrote: > I'm working on a system that needs to authenticate a TLD owner/operator in > order to take specific actions. Can you give an example of the actions? When you say "owner/operator" what exactly do you mean? > We had intended to handle this by req