Re: [Dance] Leveraging DNS in Digital Trust: Credential Exchanges and Trust Registries

Orie Steele <orie@transmute.industries> Thu, 08 June 2023 15:22 UTC

From: Orie Steele <orie@transmute.industries>
Date: Thu, 08 Jun 2023 10:21:58 -0500
Message-ID: <CAN8C-_KcJ8G+QX99SA859N=oS8-cXqziy-WwovV7jUS6GM29EQ@mail.gmail.com>
To: dance@ietf.org
Cc: jacques.latour@cira.ca, uta@ietf.org, scitt <scitt@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/TZTR9tEVvBKhBLrxyS-PACrF88U>
Subject: Re: [Dance] Leveraging DNS in Digital Trust: Credential Exchanges and Trust Registries

Original thread:
https://mailarchive.ietf.org/arch/msg/dance/g0eSMxmZzb1ucsFtgkVkICV5Hh8/

I read
https://www.ietf.org/archive/id/draft-latour-dns-and-digital-trust-00.html

Previously I had read:
- https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/
- https://identity.foundation/.well-known/resources/did-configuration/ (I'm
a co-author)

I don't understand the role that "example-issuer.ca" is playing in these
records.

Why is there a need to structure the record "key" to include CA information?

Is https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/ relevant to
this conversation?

I wanted to share some related work, from BlueSky:

They support linking https://www.w3.org/TR/did-core/ to specific domains.
This allows the natural control of a domain to be used to establish the
natural authority of an identifier.

For example:

dig -t txt _atproto.wyden.senate.gov | grep 'did=' | grep -o '"did=.*"' | jq -r 'split("=")[1]'

https://github.com/w3c/did-spec-registries/pull/515

I would like to see a standard way to link decentralized identifiers to
domains documented somewhere at IETF.

Including UTA & SCITT in case there are folks with relevant comments.

Regards,

OS

-- 
ORIE STEELE
Chief Technology Officer
www.transmute.industries
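The dig pipeline in the mail above reads the `did=` value out of the `_atproto.<handle>` TXT record, which is the domain owner's assertion of which DID the handle belongs to. The following is an added example, not code from Orie Steele's mail or from the AT Protocol project: it takes the answer section as dig prints it (constructed sample records, not real lookups), reassembles multi-string TXT rdata, and performs the check a verifying party would actually want, namely that exactly one well-formed `did=` record exists and that it equals the DID the account claims. Record names, DID values and the regex are assumptions made for the example.

```python
"""Added example: verify a DNS-based handle-to-DID link offline.

Assumes dig-style presentation format for the answer section and a
simplified DID syntax check; sample records below are constructed."""
import re

# Simplified DID syntax (did:<method>:<method-specific-id>); the full ABNF in
# DID Core also allows percent-encoded octets, which this check treats loosely.
DID_RE = re.compile(r"^did:[a-z0-9]+:[A-Za-z0-9._:%-]*[A-Za-z0-9._-]$")

# Constructed answer section for `_atproto.example.com` (not real data).
# The did= record is deliberately split across two quoted strings, as DNS
# allows, so the parser must concatenate them before interpreting the value.
SAMPLE_ANSWER = """\
_atproto.example.com. 300 IN TXT "did=" "did:plc:exampleplcid1234567890ab"
_atproto.example.com. 300 IN TXT "v=spf1 -all"
"""

# Constructed answer with two competing did= records: a verifier should refuse
# to pick one rather than silently accept the first.
SAMPLE_AMBIGUOUS = """\
_atproto.example.com. 300 IN TXT "did=did:plc:exampleplcid1234567890ab"
_atproto.example.com. 300 IN TXT "did=did:web:example.com"
"""


def txt_strings(rdata):
    """Join the quoted character-strings of one TXT rdata into a single value."""
    return "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', rdata))


def extract_dids(answer_text):
    """Return every did= value found in TXT records of a dig answer section."""
    dids = []
    for line in answer_text.splitlines():
        parts = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(parts) < 5 or parts[3] != "TXT":
            continue
        value = txt_strings(parts[4])
        if value.startswith("did="):
            dids.append(value[len("did="):])
    return dids


def verify_handle(answer_text, claimed_did):
    """Return (ok, reason); ok only when one valid did= record matches claimed_did."""
    dids = extract_dids(answer_text)
    if not dids:
        return False, "no did= TXT record"
    if len(dids) > 1:
        return False, "ambiguous: multiple did= records"
    did = dids[0]
    if not DID_RE.match(did):
        return False, "malformed DID"
    if did != claimed_did:
        return False, "DID mismatch"
    return True, "ok"


if __name__ == "__main__":
    print(verify_handle(SAMPLE_ANSWER, "did:plc:exampleplcid1234567890ab"))
    print(verify_handle(SAMPLE_AMBIGUOUS, "did:plc:exampleplcid1234567890ab"))
```

The comparison direction matters: the verifier starts from the DID the account presents and asks whether the domain confirms it, so a record pointing at some other DID is a failure rather than a redirect. Because a plain TXT answer only reflects what the resolver was told, the lookup should be DNSSEC-validated (or the binding treated as a hint rather than proof) before anything relies on it.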