[DNSOP] Re: [Ext] Persistence of DCV, including for Delegated DCV (for draft-ietf-dnsop-domain-verification-techniques)

Paul Hoffman <paul.hoffman@icann.org> Thu, 29 May 2025 18:19 UTC

List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7E8MMCtrYrn125K4kpN9RgH3e-8>

On May 29, 2025, at 11:13, John Levine <johnl@taugh.com> wrote:
> When I look at the TXT records on any large organization's DNS apex, I find it hard to believe
> that all of those records are just one time DCV that they forgot to remove.

Correct: there's a good chance they left them there because they don't know if they're safe to remove, so why not just leave them in. Whoever told them to add the record didn't say when they should remove it.

--Paul Hoffman