Re: [Dance] [EXTERNAL] Re: [SCITT] Leveraging DNS in Digital Trust: Credential Exchanges and Trust Registries

Antoine Delignat-Lavaud <antdl@microsoft.com> Fri, 09 June 2023 15:10 UTC

From: Antoine Delignat-Lavaud <antdl@microsoft.com>
To: Orie Steele <orie@transmute.industries>, "dance@ietf.org" <dance@ietf.org>
CC: "jacques.latour@cira.ca" <jacques.latour@cira.ca>, "uta@ietf.org" <uta@ietf.org>, scitt <scitt@ietf.org>
Date: Fri, 09 Jun 2023 15:10:34 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/axnPFlQW9VyUKAvHBXjhi15oabs>

I'm all for a DNS-based DID method, as unlike did:web it would be possible
to audit a did:dns resolution by keeping the DNSSEC signatures and key
chain. It is probably a good idea to only enable did:dns on DNSSEC zones,
otherwise inconsistencies can be blamed on network attackers, DNS caches,
etc.

I don't like using a very short prefix to find DID keys in TXT records.
There are already too many ways to abuse the cross-protocol ability to set
TXT records (e.g. DKIM, ACME, SPF, etc.).

Given that there are several existing DNS record types for keys (DNSKEY,
KEY, IPSECKEY, OPENPGPKEY, TLSA, TKEY), I would also prefer to re-use an
existing standard rather than introduce yet another DNS record type. DNSKEY
and TLSA are both decent options, though the latter is designed for ASN.1
encoded keys and is a bit annoying to convert with JWKS/CKS.

Best,

Antoine

From: SCITT <scitt-bounces@ietf.org> On Behalf Of Orie Steele
Sent: Thursday, June 8, 2023 4:22 PM
To: dance@ietf.org
Cc: jacques.latour@cira.ca; uta@ietf.org; scitt <scitt@ietf.org>
Subject: [EXTERNAL] Re: [SCITT] Leveraging DNS in Digital Trust: Credential Exchanges and Trust Registries

Original thread:
https://mailarchive.ietf.org/arch/msg/dance/g0eSMxmZzb1ucsFtgkVkICV5Hh8/

I read
https://www.ietf.org/archive/id/draft-latour-dns-and-digital-trust-00.html

Previously I had read:
- https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/
- https://identity.foundation/.well-known/resources/did-configuration/ (I'm
co-author)

I don't understand the role that "example-issuer.ca" is playing in these
records.

Why is there a need to structure the record "key" to include CA information?

Is https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/ relevant to
this conversation?

I wanted to share some related work, from BlueSky:

They support linking https://www.w3.org/TR/did-core/ to specific domains;
this allows for the natural control of a domain to be used to establish the
natural authority of an identifier.

For example:

dig -t txt _atproto.wyden.senate.gov | grep 'did=' | grep -o '"did=.*"' | jq -r 'split("=")[1]'

https://github.com/w3c/did-spec-registries/pull/515

I would like to see a standard way to link decentralized identifiers to
domains documented somewhere at IETF.

Including UTA & SCITT in case there are folks with relevant comments.

Regards,

OS

-- 
ORIE STEELE
Chief Technology Officer
www.transmute.industries
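A worked version of the check behind the dig pipeline quoted above, combined with the DNSSEC-only caveat from the reply at the top of this message. This is an added example, not code from this thread or from any project: it parses constructed dig output for a `_atproto` TXT record, refuses the answer unless the resolver set the AD flag, and extracts exactly one syntactically valid DID. The zone name, the dig text and the DID value are all constructed.

```python
import re
from dataclasses import dataclass

# DID syntax, simplified from the W3C DID Core ABNF: did:<method>:<method-specific-id>
DID_RE = re.compile(r"^did:[a-z0-9]+:[A-Za-z0-9._:%-]+$")
FLAGS_RE = re.compile(r"^;; flags:([^;]*);", re.M)
# One TXT RR line as dig prints it; only the first quoted string is captured.
TXT_RE = re.compile(r'^(\S+)\s+\d+\s+IN\s+TXT\s+"([^"]*)"', re.M)

@dataclass
class TxtAnswer:
    name: str       # owner name queried, e.g. _atproto.example.com
    strings: list   # TXT rdata strings with the quotes removed
    ad: bool        # resolver set the AD (Authenticated Data) flag

def parse_dig_output(text: str, name: str) -> TxtAnswer:
    """Pull the AD flag and the TXT strings owned by `name` out of dig output."""
    m = FLAGS_RE.search(text)
    ad = bool(m) and "ad" in m.group(1).split()
    owner = name.rstrip(".") + "."
    strings = [s for n, s in TXT_RE.findall(text) if n == owner]
    return TxtAnswer(name=name, strings=strings, ad=ad)

def did_from_txt(answer: TxtAnswer) -> str:
    """Return the one DID linked to the domain, or raise ValueError. Unsigned
    answers are refused (the DNSSEC-only point in the reply), as are ambiguous
    answers and values that are not syntactically DIDs."""
    if not answer.ad:
        raise ValueError("answer not DNSSEC-validated (no AD flag)")
    if not answer.name.startswith("_atproto."):
        raise ValueError("unexpected owner name: " + answer.name)
    dids = []
    for s in answer.strings:
        if not s.startswith("did="):
            continue  # other TXT records (SPF, verification tokens) may share the name
        value = s[len("did="):].strip()
        if not DID_RE.match(value):
            raise ValueError("malformed DID value: " + repr(value))
        dids.append(value)
    if len(dids) != 1:
        raise ValueError("expected exactly one did= record, found %d" % len(dids))
    return dids[0]

def linked_did(dig_text: str, domain: str) -> str:
    return did_from_txt(parse_dig_output(dig_text, "_atproto." + domain))

# Constructed dig output (not a real capture) from a validating resolver.
SIGNED = """;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
_atproto.example.com.\t300\tIN\tTXT\t"did=did:plc:exampleidentifier123"
"""
UNSIGNED = SIGNED.replace(" ad;", ";")  # same zone, but validation failed or is absent
```

Run against a real resolver with `dig +dnssec` on a validating recursor; an answer without the AD flag is treated as untrusted rather than silently accepted.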