Re: [DNSOP] Fwd: New Version Notification for draft-sahib-domain-verification-techniques-02.txt

Stephane Bortzmeyer <bortzmeyer@nic.fr> Sun, 13 June 2021 16:28 UTC

Date: Sun, 13 Jun 2021 18:25:59 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Shivan Kaul Sahib <shivankaulsahib@gmail.com>
Cc: dnsop@ietf.org
Message-ID: <20210613162559.GB14433@sources.org>
References: <162334242319.22850.4241161345806462552@ietfa.amsl.com> <CAG3f7Mi92moegB2656HUdgQQ_i8bKw6KH0JcsBVHP+hEc22Quw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/GXnPO2dS-GiORdNaSmzIsO804DI>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-sahib-domain-verification-techniques-02.txt

On Thu, Jun 10, 2021 at 04:26:44PM -0700,
 Shivan Kaul Sahib <shivankaulsahib@gmail.com> wrote 
 a message of 164 lines which said:

> Hi all, Shumon and I have been working on an early draft that
> surveys current DNS domain verification techniques. Depending on how
> it goes, we hope to eventually explore if we can come up with some
> best practices.

Section 4.1: you do not mention a recommended name for the
subdomain. Should we suggest a name starting with an underscore, to
limit the risk of collisions and to emphasize it is not a host name?
(On the other hand, some users may have a limited DNS provisioning
interface, which enforces an LDH restriction.)

Section 5: should we also add that, especially if the zone is not
signed, multi-vantage-point checking is recommended (Let's Encrypt
already does it)?
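An added example, not part of this thread or of the draft under discussion, that illustrates both points raised above: building the verification owner name under an underscore-prefixed label (and checking whether a label would pass an LDH-only provisioning interface), and accepting the verification token only when a quorum of independent vantage points agree on it. The `_<service>-challenge` naming pattern, the token value, the vantage-point names and the simulated per-vantage-point resolver answers are all constructed assumptions (the naming is modelled loosely on ACME's `_acme-challenge`); nothing here is the draft's or any provider's own code.

```python
"""Domain-verification token check across several vantage points.

Constructed example: resolver answers are simulated per vantage point so
that the script runs offline. Service name, zone, token and vantage-point
names are made up for illustration.
"""
import re
import secrets
from typing import Callable, Dict, List

# A label a conservative provisioning UI accepts: letters, digits and
# hyphen only, no leading/trailing hyphen, at most 63 octets (the "LDH" rule).
LDH_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_ldh_label(label: str) -> bool:
    """True if the label is LDH-only; an underscore-prefixed label is not."""
    return bool(LDH_LABEL.match(label))


def verification_name(service: str, domain: str, underscore: bool = True) -> str:
    """Owner name where the verification TXT record is expected.

    With underscore=True the label is '_<service>-challenge' (assumed naming),
    which cannot be a host name and so cannot collide with one. Provisioning
    interfaces that enforce LDH reject such a label; underscore=False falls
    back to an LDH-only label and refuses anything that is not LDH.
    """
    label = f"{service}-challenge"
    if underscore:
        label = "_" + label
    elif not is_ldh_label(label):
        raise ValueError(f"label {label!r} is not LDH")
    return f"{label}.{domain}".lower()


# A vantage-point resolver: qname -> list of TXT strings ([] if no data).
Resolver = Callable[[str], List[str]]


def verify_multi_vantage(qname: str, expected_token: str,
                         resolvers: Dict[str, Resolver], quorum: int) -> dict:
    """Query every vantage point; verified only if >= quorum see the token.

    For an unsigned zone a single resolver can be fed a wrong answer, so
    independent vantage points on different networks raise the bar.
    A vantage point that errors out counts as "token not seen", never as
    a crash of the whole check.
    """
    seen: Dict[str, bool] = {}
    for vp, resolve in resolvers.items():
        try:
            answers = resolve(qname)
        except Exception:
            answers = []
        seen[vp] = any(secrets.compare_digest(a, expected_token) for a in answers)
    agreeing = sum(seen.values())
    return {"verified": agreeing >= quorum, "agreeing": agreeing,
            "total": len(resolvers), "per_vantage_point": seen}


# ---- constructed sample data (not real tokens or resolvers) ----
TOKEN = "c3VwZXJzZWNyZXQtdG9rZW4"  # constructed placeholder token
QNAME = verification_name("acme", "example.com")  # "_acme-challenge.example.com"


def make_resolver(records: Dict[str, List[str]]) -> Resolver:
    """Simulated resolver backed by a static answer table."""
    return lambda qname: list(records.get(qname.lower(), []))


HONEST = {QNAME: [TOKEN]}
DIVERGENT = {QNAME: ["stale-or-spoofed-value"]}  # one vantage point sees something else

VANTAGE_POINTS: Dict[str, Resolver] = {
    "vp-eu": make_resolver(HONEST),
    "vp-us": make_resolver(HONEST),
    "vp-asia": make_resolver(DIVERGENT),
}


def demo(quorum: int = 2) -> dict:
    """Run the constructed scenario with the given quorum."""
    return verify_multi_vantage(QNAME, TOKEN, VANTAGE_POINTS, quorum)


if __name__ == "__main__":
    print("underscore label is LDH:", is_ldh_label("_acme-challenge"))
    print("quorum 2:", demo(2))
    print("quorum 3:", demo(3))
```

In the constructed scenario two of three vantage points see the token, so a quorum of 2 verifies and a quorum of 3 does not; the `per_vantage_point` map tells the operator which point disagreed, which is the signal worth logging. With DNSSEC-validated answers a single validating query already rules out a forged response, which is why the post ties the multi-vantage-point recommendation to unsigned zones.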