Re: [DNSOP] Fwd: New Version Notification for draft-mayrhofer-did-dns-01.txt
Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com> Mon, 18 February 2019 14:01 UTC
Return-Path: <alex.mayrhofer.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1350130F11 for <dnsop@ietfa.amsl.com>; Mon, 18 Feb 2019 06:01:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FXVBIR58H-9O for <dnsop@ietfa.amsl.com>; Mon, 18 Feb 2019 06:01:07 -0800 (PST)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 461B312941A for <dnsop@ietf.org>; Mon, 18 Feb 2019 06:01:07 -0800 (PST)
Received: by mail-lj1-x22d.google.com with SMTP id j13-v6so14483713ljc.2 for <dnsop@ietf.org>; Mon, 18 Feb 2019 06:01:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xrKMxa3eLLvIENo5zHYk34Tv2Ez2s6JXwIAaF9Z4Z70=; b=Dzj1McnijAKX1tMQM+90dUkr0SmKPokJDJz8IwUypLBsj2Sf8Eat3Eh5Uwr3zo+sgF ojVe4Czb7sMaJsQMsroK/nGfYH4xBGVej54IlAzAgELW99DyqmXsjIJtUjz0zYhtnn0r 6uh75uYqar9gN2mLHETNTutPqgzgntD3skhXo0fa/Q/5Re6htEjfLNY4gOkLsns+uu97 LRqwdd0FKxVECx9q7TvWKmVVnUOX504fbK3ljwCwpe9axj7dq6jFzLC+PeGJZBxbDqnj /C+P+PxMcC8bsgFNMPral4bsDSfNy9QnNMawFdTgsXM7JYF0/RXJxn6UoeFZlALWb56q IuUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xrKMxa3eLLvIENo5zHYk34Tv2Ez2s6JXwIAaF9Z4Z70=; b=RmymPTpGhAEmbYWr97zHtI8fE8IMUflN2/Dqv2uNfMvWy6ud02KViZzMUiF6HV+o9A irv46eSqtJUwQxqDMemP5n37k5HCUp5kacFc1nlI0UB9BzSAUxuPcoVT74kE228GGfSb A9byzxj5IaelbvZqjj2u4Au5Bpkg3Mo32erhad38UlH4Z1uWb+SVX6WaU8+V6+2uNIWi mqRO95DxeYXWxNZHO+wzjDAbFRXjnPlQTTpI3hNOP8CRp4efjq2x9o2yD+3b1zvreVFv vXSmwlSkvQmlxWT6YHGL3gstWWaADsVKnqJyvGRZCIZ4PbRl0aYS17NfbwVkS2xu0ded 1PuQ==
X-Gm-Message-State: AHQUAuZiShEuQSo45qt1Fy222fNQG5qwsibv5/i/RTVkSUiotyQU8tst 8npUKqx9tcoDJB/jmyU4pvPIFHw5y/qB067ZV2s=
X-Google-Smtp-Source: AHgI3IZA1EKSTmHE09ipOSQxS1BhyJsMXMnycZ0yt44y5du0fKczzsJqKvLQKkloBXhjOfbrNRWHAbHYQXOTQE3LHZQ=
X-Received: by 2002:a2e:90cd:: with SMTP id o13mr4866643ljg.153.1550498465345; Mon, 18 Feb 2019 06:01:05 -0800 (PST)
MIME-Version: 1.0
References: <154963392249.31188.16873618915255886209.idtracker@ietfa.amsl.com> <CAHXf=0r0DqC_XHw-2=h4ZkH5SgjzTjPMuML3GjxtQbe6so3=vw@mail.gmail.com> <20190215093714.t23ulbslbg52t2dp@nic.fr>
In-Reply-To: <20190215093714.t23ulbslbg52t2dp@nic.fr>
From: Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com>
Date: Mon, 18 Feb 2019 15:00:54 +0100
Message-ID: <CAHXf=0o4CBNV2UsskGA5xQ2Vam4jeTPgpnEEvhUp8h3rb0=5Xw@mail.gmail.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: IETF DNSOP WG <dnsop@ietf.org>, din@irtf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/NgHfzWalfc9xTDqQaqbFH12bvEs>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-mayrhofer-did-dns-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Feb 2019 14:01:10 -0000
Stephane, all, [I feel cautious about continuing to cross-post this to dnsop as well as dinrg - however, it does apply to both areas, so i'll keep both groups in for now] On Fri, Feb 15, 2019 at 10:37 AM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote: > I think that it is an important work because it brings the power of > the DNS to many other identifier systems. So, I support it. Thanks - great to hear. I'm hearing that DIDs are being used in more and more situations, so i think it makes sense to define that "bridging" protocol between the two "worlds. > May be more examples could help people figure out the use cases? "My > Bitcoin address is at foobar.example" and then the Bitcoin software > would query _did.foobar.example and get > <did:bitcoin:1NZc7FJ7eHJgRMRSrmncJJM9bPnusJeuR6>. I will add more examples in the next revision. We also need to include an example for the "email address" use case. > I note that there exists already non-standard (and probably not really > deployed) solutions in that space, some specific to a TLD > <https://www.nominet.uk/domain-names-unlock-new-potential-on-blockchain/> > <http://domainincite.com/23273-my-brain-explodes-trying-to-understand-mmxs-new-blockchain-deal-for-luxe> I'm aware of the .luxe initiative, however, i haven't yet seen any technical specifications about how the connection between DNS and Blockchains is performed. If anybody has a pointer, i'd definitely appreciate it. The other alternative proposal i've found is https://openalias.org/ - scroll down for their definition of the TXT record. They don't use DIDs as far as i understand, though. > Regarding draft -01: it seems OK to me. The only problem I find: > > > particularly the concerns around downgrade attacks when the record > > is not signed > > Why downgrade attacks specifically? Without DNSSEC, a lot of attacks > are possible. I agree, that section requires some rewording. I'm referring to the language in the OpenPGP DANE RFC here. I'm happy to work on more text, and open to suggestions :) best, Alex
- [DNSOP] Fwd: New Version Notification for draft-m… Alexander Mayrhofer
- Re: [DNSOP] Fwd: New Version Notification for dra… Stephane Bortzmeyer
- Re: [DNSOP] [Din] Fwd: New Version Notification f… Paul Wouters
- Re: [DNSOP] [Din] Fwd: New Version Notification f… Melinda Shore
- Re: [DNSOP] Fwd: New Version Notification for dra… Alexander Mayrhofer
- Re: [DNSOP] [Din] Fwd: New Version Notification f… Alexander Mayrhofer
- Re: [DNSOP] [Din] Fwd: New Version Notification f… Alexander Mayrhofer
- Re: [DNSOP] [Din] Fwd: New Version Notification f… Paul Wouters