On Fri, 17 Oct 2025 12:04:56 -0400 Tim Wicinski <[email protected]> wrote:
> All Hello, > We published an update to this draft earlier this week. We did > document and wording cleanup; chased down some issues; working to > align with the draft-ietf-dnsop-integration draft, etc. [cut summary of changes] > We asked for agenda time in Montreal, but barring that we'd like to > hear what is still outstanding. I've read this version of the draft and have a few remarks. ## 5.1.2. Token Metadata As far as I understand the ABNF section, a 'key=' would be a valid item in the RDATA, because 'value = *value-char' means value is made of zero or more value-char's . I would expect the 'key=' to have a value, but when there is no value, it would be defined as 'key' (without the '='). Is it intended to allow 'key=' in the RDATA? # 6. Delegated Domain Control Validation In the second paragraph of section 6, the sentence 'The Intermediary gives the User a CNAME record to add for the domain and Application Service Provider being validated that points to the Intermediary's domain' is not specific enough, but then again the examples earlier in the draft show what should be used. Sorry that I don't have a suggestion how it could be better worded. # 7.2. Service Confusion The word 'in' can be removed from 'While it would also have been possible to include the scope in as an attribute in the TXT record'. # 8. Privacy Considerations I think the 'Domain Operators' can be replaced with 'DNS Administrator' since the first is only used in this section and not defined in section 2. I hope this helps. > > > thanks > tim > > > > > > > ---------- Forwarded message --------- > From: <[email protected]> > Date: Mon, Oct 13, 2025 at 4:26 PM > Subject: I-D Action: > draft-ietf-dnsop-domain-verification-techniques-10.txt To: > <[email protected]> Cc: <[email protected]> > > > Internet-Draft draft-ietf-dnsop-domain-verification-techniques-10.txt > is now available. It is a work item of the Domain Name System > Operations (DNSOP) WG of the IETF. > > Title: Domain Control Validation using DNS > Authors: Shivan Sahib > Shumon Huque > Paul Wouters > Erik Nygren > Tim Wicinski > Name: draft-ietf-dnsop-domain-verification-techniques-10.txt > Pages: 19 > Dates: 2025-10-13 > > Abstract: > > Many application services on the Internet need to verify ownership > or control of a domain in the Domain Name System (DNS). The general > term for this process is "Domain Control Validation", and can be > done using a variety of methods such as email, HTTP/HTTPS, or the DNS > itself. This document focuses only on DNS-based methods, which > typically involve the Application Service Provider requesting a DNS > record with a specific format and content to be visible in the > domain to be verified. There is wide variation in the details of > these methods today. This document provides some best practices to > avoid known problems. > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-10.html > > A diff from the previous version is available at: > https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-domain-verification-techniques-10 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > I-D-Announce mailing list -- [email protected] > To unsubscribe send an email to [email protected] -- Stefan Ubbink DNS & Systems Engineer Present: Mon, Tue, Wed, Fri SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands T +31 (0)26 352 55 00 https://www.sidn.nl
pgpppHFzznjJ7.pgp
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
