IETF Logo Mail Archive

[DNSOP] Re: [Ext] Persistence of DCV, including for Delegated DCV (for draft-ietf-dnsop-domain-verification-techniques)

John Levine <johnl@taugh.com> Thu, 29 May 2025 02:11 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id C55252E29B37 for <dnsop@mail2.ietf.org>; Wed, 28 May 2025 19:11:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.4
X-Spam-Level:
X-Spam-Status: No, score=-4.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="Bf/UU1QU"; dkim=pass (2048-bit key) header.d=taugh.com header.b="x5kD/hp1"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PNSLL3pjaSAL for <dnsop@mail2.ietf.org>; Wed, 28 May 2025 19:11:46 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 2C7E52E29B2F for <dnsop@ietf.org>; Wed, 28 May 2025 19:11:46 -0700 (PDT)
Received: (qmail 88943 invoked from network); 29 May 2025 02:11:45 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding:cleverness; s=15b6d6837c261.k2505; t=1748484695; x=1748830295; bh=cWHD0jt61Fi5tAZbzMyoQUqxzUQW0xmwBYwSrl6mVH8=; b=Bf/UU1QUG1n6HWKo6rY5KeKKhOfewqnySt/AWGvFPgrOd8g5MM1EVGQzC2RSMY7JZ3T4JTapLC/WvdgHWoOhqV8aDkc4TENhN+lpHQ51QN2d50rkC31URX95A7yOwWk2zqOUHx345qfHDtJ3nSZVgbwjDkIWiIr1bMpqOZw4yWpo4mcXkyeS952LUFcnt3mcKNzZrGoNn2WjAlIlrBjKJjr7ydRnZXbO73NaVshbKnfDPPHPLV+o4Negt08Ku+cvO15SkkMpLZuf6o/T8yG1Io45pi3xx6gij4H8UEpjlEthd+SJRNqODbUmy5LU4+yAto0QYjgZauUSMcTj5IiUzQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding:cleverness; s=15b6d6837c261.k2505; bh=cWHD0jt61Fi5tAZbzMyoQUqxzUQW0xmwBYwSrl6mVH8=; b=x5kD/hp1WRn46Yz2vqddkybhM9SWeAHWv3Qwf3S1CoBJ8qcrLqvBsdvJ8NeZBezMx39lQI6kgSB6hsX+sIAl3V6kGsW0ur0iG3oHqMoPOK6FBam5ByBzoBdM2ZtUNemh543AsZlJP8olcAbWYfd+8Z5O7zFenOCkXWep2QuypT5D3YZiYjllXwWQMBxa2K5TqHZ089MVcPh4wyQDjqJFqch0+QcQEuVnT6xq4V8ZIsPGWvVvtwnxpsxt/lyzlodB+Ec0D47mIxlxM8Qv4lYCRK2nhp4+jnuHi/z0pPDcY/HZ+jaCbvHWEFxCGE5DMpVhckDIlKvZHE0tHM6gV5n7qw==
Received: from ary.qy ([IPv6:2001:470:1f07:1126:0:78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126:0:78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA CHACHA20-POLY1305 AEAD) via TCP6; 29 May 2025 02:11:45 -0000
Received: by ary.qy (Postfix, from userid 501) id 5BCA5CBFE34A; Wed, 28 May 2025 22:11:44 -0400 (EDT)
Date: Wed, 28 May 2025 22:11:44 -0400
Message-Id: <20250529021144.5BCA5CBFE34A@ary.qy>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <1C8A214B-8C50-47E1-9F2F-47C5F71DA95A@icann.org>
Organization: Taughannock Networks
References: <CAKC-DJiQXWqT+kitGO_bjdwAzN8u11WrGfSpE99HGtoVbg9OHw@mail.gmail.com> <C42CC896-CA4C-4894-9A35-D5027FD48521@icann.org> <1f9237cf-fc78-3e12-f8bb-40699dc04d21@nohats.ca> <CAKC-DJhLGHmWVT8JYkSHAfm7HiT8dLmiOqN6Aqc2kN4dyXK96g@mail.gmail.com> <SA1PR15MB43706B717CABF88178152F57B397A@SA1PR15MB4370.namprd15.prod.outlook.com> <7f785910-73c9-f322-b0f1-839cd3f7cce8@nohats.ca> <CACsn0ckhF96yf-tVFUOSiEi9hzrKoTS3wYqM2weNC3uhKmXxvw@mail.gmail.com> <CAKC-DJgwDeu+F8aU8r70wJ7pq_xDj3ok06huZzYF09OsgMPJvA@mail.gmail.com> <1C8A214B-8C50-47E1-9F2F-47C5F71DA95A@icann.org>
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Message-ID-Hash: S7CZXVVK5SZOB5NKHJ7WO44LWGGIPK34
X-Message-ID-Hash: S7CZXVVK5SZOB5NKHJ7WO44LWGGIPK34
X-MailFrom: johnl@iecc.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: paul.hoffman@icann.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: [Ext] Persistence of DCV, including for Delegated DCV (for draft-ietf-dnsop-domain-verification-techniques)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/AC4jBZMozMWEmSPUMA0gk_zF-c8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

It appears that Paul Hoffman  <paul.hoffman@icann.org> said:
>On May 27, 2025, at 08:16, Erik Nygren <erik+ietf@nygren.org> wrote:
>> 
>> I've been thinking about this a bunch, and I think DCV is not necessarily one-time and the current focus on that is counter-productive.  Instead we should be
>describing what properties are present due to the persistence of a DCV entry, especially since it is public once entered into the DNS.  This relates to how
>Intermediates fit in as well.  Over the next week or two I'm going to see if I can propose an alternate PR (or set of PRs) that may address some of the concerns
>here.
>
>A persistent record is not a DCV mechanism because it no longer meets the security model in the draft. The security model is that the user wants to prove to the
>application service provider that they control the domain, and that no on-path attacker can pretend to be the user. The method is to use an agreed-to random
>token.

I would just document the fact that the threat model is different and move on.  I realize that
in principle an on-path attacker has more opportunity to return fake results, but it is my
impression that situations with malicious fake results, and particularly fake results that
wouldn't be apparent immediately, are quite rare.

R's,
John

v2.31.3 | Report a Bug | By Email | System Status