Re: [DNSOP] ANAME in answer or additional section [issue #62]

2019-06-14 Thread Matthijs Mekking
Brian, On 6/13/19 7:50 PM, Brian Dickson wrote: > > > On Wed, Jun 12, 2019 at 1:11 AM Matthijs Mekking > wrote: > > Brian, > > Thanks for the detailed background on why DNAME worked. There are a few > things that caught my attention: > > > When

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Shane Kerr
Nick, On 14/06/2019 04.18, Nick Johnson wrote: I'm working on a system that needs to authenticate a TLD owner/operator in order to take specific actions. We had intended to handle this by requiring them to publish a token in a TXT record under a subdomain of nic.tld, but it's been brought to o

Re: [DNSOP] ANAME in answer or additional section [issue #62]

2019-06-14 Thread Bob Harold
On Thu, Jun 13, 2019 at 6:34 PM Brian Dickson wrote: > > > On Thu, Jun 13, 2019 at 1:51 PM Bob Harold wrote: > >> >> On Thu, Jun 13, 2019 at 1:50 PM Brian Dickson < >> brian.peter.dick...@gmail.com> wrote: >> >>> >>> >>> On Wed, Jun 12, 2019 at 1:11 AM Matthijs Mekking >>> wrote: >>> Brian

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Jim Reid
> On 14 Jun 2019, at 03:18, Nick Johnson > wrote: > > I'm working on a system that needs to authenticate a TLD owner/operator in > order to take specific actions. We had intended to handle this by requiring > them to publish a token in a TXT record This assumes someone who is able to update

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Dr Eberhard W Lisse
Would (GPG encrypted) email to the registered address to the authority not be sufficient? That would make sure the recipient is authorized and must then cause the token to be 'delegated' as the second factor. Greetings, el On 2019-06-14 14:40 , Jim Reid wrote: > > >> On 14 Jun 2019, at 03:18,

Re: [DNSOP] ANAME in answer or additional section [issue #62]

2019-06-14 Thread Thomas Peterson
I don't believe this answers your question directly, however late last year I performed some analysis[0] that showed that 64.17% of the Alexa Top 1 million domains I had queried for www records returned CNAME records that pointed to apex A records. If it is of use for this work I could re-run t

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Jim Reid
> On 14 Jun 2019, at 14:13, Dr Eberhard W Lisse wrote: > > Would (GPG encrypted) email to the registered address to the authority > not be sufficient? That would make sure the recipient is authorized and > must then cause the token to be 'delegated' as the second factor. If there was a secure

Re: [DNSOP] Verifying TLD operator authorisation

2019-06-14 Thread Vladimír Čunát
On 6/14/19 3:13 PM, Dr Eberhard W Lisse wrote: > Would (GPG encrypted) email to the registered address to the authority > not be sufficient? That would make sure the recipient is authorized and > must then cause the token to be 'delegated' as the second factor. What GPG key?  Sounds OK to me, *as