[DNSOP] Re: [Ext] Persistence of DCV, including for Delegated DCV (for draft-ietf-dnsop-domain-verification-techniques)

John R Levine <johnl@taugh.com> Thu, 29 May 2025 18:47 UTC

Date: Thu, 29 May 2025 14:46:47 -0400
Message-ID: <16ef83e1-3ba4-cd0a-24ee-85557e0e838e@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Paul Hoffman <paul.hoffman@icann.org>
In-Reply-To: <C61CC3BE-016B-41A9-B326-2C257A004B97@icann.org>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LIKdAN1Zs4J_xbwWCUChIu6wQqY>

On Thu, 29 May 2025, Paul Hoffman wrote:
>> When I look at the TXT records on any large organization's DNS apex, I find it hard to believe
>> that all of those records are just one time DCV that they forgot to remove.
>
> Correct: there's a good chance they left them there because they don't know if they're safe to remove, so why not just leave them in. Whoever told them to add the record didn't say when they should remove it.

Some of them are, but I'm fairly sure that some of them have to stay there
as long as you subscribe to the corresponding service.  Either way we're
guessing, so I wouldn't want to make any strong assertions either way.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly