Re: [Din] Fwd: New Version Notification for draft-mayrhofer-did-dns-01.txt

Alexander Mayrhofer <> Mon, 18 February 2019 14:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 92806130F61 for <>; Mon, 18 Feb 2019 06:01:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id W2Sz0R9Xc0_p for <>; Mon, 18 Feb 2019 06:01:07 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 46428130F0F for <>; Mon, 18 Feb 2019 06:01:07 -0800 (PST)
Received: by with SMTP id z25so6617611ljk.8 for <>; Mon, 18 Feb 2019 06:01:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xrKMxa3eLLvIENo5zHYk34Tv2Ez2s6JXwIAaF9Z4Z70=; b=Dzj1McnijAKX1tMQM+90dUkr0SmKPokJDJz8IwUypLBsj2Sf8Eat3Eh5Uwr3zo+sgF ojVe4Czb7sMaJsQMsroK/nGfYH4xBGVej54IlAzAgELW99DyqmXsjIJtUjz0zYhtnn0r 6uh75uYqar9gN2mLHETNTutPqgzgntD3skhXo0fa/Q/5Re6htEjfLNY4gOkLsns+uu97 LRqwdd0FKxVECx9q7TvWKmVVnUOX504fbK3ljwCwpe9axj7dq6jFzLC+PeGJZBxbDqnj /C+P+PxMcC8bsgFNMPral4bsDSfNy9QnNMawFdTgsXM7JYF0/RXJxn6UoeFZlALWb56q IuUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xrKMxa3eLLvIENo5zHYk34Tv2Ez2s6JXwIAaF9Z4Z70=; b=l1ve9mK10HBXng27zFtFLKn+aqAfI5TV3j5iGVBwyNVJvTN0VP9Y/T6hoyKEEojVWj 24WKCqldyBi3woyxRWW3oB6sQlaCtIPe4g7FIwFEcfvl3T3nhqXzjIZurfvck4qR8kSC /U1oKUpvyEUT+/jafNnn0l4Y8RdToCzO2fJk69BbG2ev5yj0u1rauZwTNCO2TxdeijXX YHyS2ZtJ3dNnRr1ZWnMMnTf2OQsR+WnvOuFdPJX+aqBSiHTX+XMf8fNScxdRyI0Mt4Gm DjPAB/XQteLqFjEC/wLPNZQn5rHSqFzmCTe24w4zbJj7k61wWZ4Yyby2ceVjrHPVQUEz eEqQ==
X-Gm-Message-State: AHQUAubN1M9mAYrJaL4x8wW3R69YlovuqPQJfNAe4xgAe4zdJbdPwKbm gsWI/N3/mya6wfZ4PJzdoqhDkjPwyTK0JupZMHA=
X-Google-Smtp-Source: AHgI3IZA1EKSTmHE09ipOSQxS1BhyJsMXMnycZ0yt44y5du0fKczzsJqKvLQKkloBXhjOfbrNRWHAbHYQXOTQE3LHZQ=
X-Received: by 2002:a2e:90cd:: with SMTP id o13mr4866643ljg.153.1550498465345; Mon, 18 Feb 2019 06:01:05 -0800 (PST)
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
From: Alexander Mayrhofer <>
Date: Mon, 18 Feb 2019 15:00:54 +0100
Message-ID: <>
To: Stephane Bortzmeyer <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [Din] Fwd: New Version Notification for draft-mayrhofer-did-dns-01.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of distributed Internet Infrastructure approaches, aspects such as Service Federation, and underlying technologies" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Feb 2019 14:01:18 -0000

Stephane, all,

[I feel cautious about continuing to cross-post this to dnsop as well
as dinrg - however, it does apply to both areas, so i'll keep both
groups in for now]

On Fri, Feb 15, 2019 at 10:37 AM Stephane Bortzmeyer <> wrote:
> I think that it is an important work because it brings the power of
> the DNS to many other identifier systems. So, I support it.

Thanks - great to hear. I'm hearing that DIDs are being used in more
and more situations, so i think it makes sense to define that
"bridging" protocol between the two "worlds.

> May be more examples could help people figure out the use cases? "My
> Bitcoin address is at foobar.example" and then the Bitcoin software
> would query _did.foobar.example and get
> <did:bitcoin:1NZc7FJ7eHJgRMRSrmncJJM9bPnusJeuR6>.

I will add more examples in the next revision. We also need to include
an example for the "email address" use case.

> I note that there exists already non-standard (and probably not really
> deployed) solutions in that space, some specific to a TLD
> <>
> <>

I'm aware of the .luxe initiative, however, i haven't yet seen any
technical specifications about how the connection between DNS and
Blockchains is performed. If anybody has a pointer, i'd definitely
appreciate it.

The other alternative proposal i've found is -
scroll down for their definition of the TXT record. They don't use
DIDs as far as i understand, though.

> Regarding draft -01: it seems OK to me. The only problem I find:
> > particularly the concerns around downgrade attacks when the record
> > is not signed
> Why downgrade attacks specifically? Without DNSSEC, a lot of attacks
> are possible.

I agree, that section requires some rewording. I'm referring to the
language in the OpenPGP DANE RFC here. I'm happy to work on more text,
and open to suggestions :)