We've published a -11 version of draft-ietf-dnsop-domain-verification-techniques with the hope that this is close to ready for another WGLC.
Changes since the version published prior to Montreal (most of these were discussed there or have been discussed on the list since): * Added a Threat Model -- this is the largest change. * Removed the "128 bits of entropy" requirement and replaced it with less specific guidance. * Some smaller changes based on feedback received over the last few months. * Reintroduced "Supporting Multiple Accounts and Multiple Intermediaries" as discussed on Montreal. * Added some explicit text on risks of Amplification Attacks Please take a look and see if there's anything else before we suggest the chairs start WGLC again. Best, Erik On Sun, Feb 1, 2026 at 12:44 PM <[email protected]> wrote: > Internet-Draft draft-ietf-dnsop-domain-verification-techniques-11.txt is > now > available. It is a work item of the Domain Name System Operations (DNSOP) > WG > of the IETF. > > Title: Domain Control Validation using DNS > Authors: Shivan Sahib > Shumon Huque > Paul Wouters > Erik Nygren > Tim Wicinski > Name: draft-ietf-dnsop-domain-verification-techniques-11.txt > Pages: 23 > Dates: 2026-02-01 > > Abstract: > > Many application services on the Internet need to verify ownership or > control of a domain in the Domain Name System (DNS). The general > term for this process is "Domain Control Validation", and can be done > using a variety of methods such as email, HTTP/HTTPS, or the DNS > itself. This document focuses only on DNS-based methods, which > typically involve the Application Service Provider requesting a DNS > record with a specific format and content to be visible in the domain > to be verified. There is wide variation in the details of these > methods today. This document provides some best practices to avoid > known problems. > > The IETF datatracker status page for this Internet-Draft is: > > https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/ > > There is also an HTML version available at: > > https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-11.html > > A diff from the previous version is available at: > > https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-domain-verification-techniques-11 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > I-D-Announce mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
