[dconn] Re: 6.4. Public Key Publication clarification

Pawel Kowalik <kowalik@denic.de> Fri, 13 March 2026 06:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dconn/l-U5QYwn-od_Z2-deeQioy3bFYM>

Hi Sami,

On 12.03.26 17:18, Sami Kerola wrote:
>> I propose to add:
>>
>> Service Provider MUST NOT publish more than one key on the same host name.
> I favour one hostname, one key.

Would this version work better for you?

Service Provider MUST publish exactly one key on one host name. Multiple keys MUST be published on different host names.


Kind Regards,
Pawel