[DNSOP] Re: everything bagels, Persistence of DCV, including for Delegated DCV (for draft-ietf-dnsop-domain-verification-techniques)

John R Levine <johnl@taugh.com> Wed, 11 June 2025 14:25 UTC

Date: Wed, 11 Jun 2025 16:25:07 +0200
Message-ID: <b95ba1ab-f98f-16e0-e5d4-87216df7c8f4@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Erik Nygren <erik+ietf@nygren.org>
In-Reply-To: <CAKC-DJjX3EN3AcLOM5MZMcF-zvjqSNSouVhPkoszs9JjWjd1nA@mail.gmail.com>
References: <CAKC-DJhS4_1P5Bqu-0YWWr9jkxBOt40rx5804UAUp7DhAsc31g@mail.gmail.com> <40408285-974A-4790-B653-DF4C3798F1E0@nohats.ca> <F7E48A3F-DA2C-4E54-92DA-90CD0EDE78DA@icann.org> <478e1879-93d4-4b0b-a99f-bbdb422bc073@taugh.com> <CAKC-DJh4ck_okAmdssMTfj5iq9X2o_-_Z6MzLQRSfZyjUJ3t6g@mail.gmail.com> <fcb3b846-7d2a-c567-2566-ba1614df31fa@taugh.com> <DM6PR15MB2361CDD15CABAEDA7CE91E45B36BA@DM6PR15MB2361.namprd15.prod.outlook.com> <20250611102817.03EB3CDD0556@ary.local> <DM6PR15MB2361608443254836F7ABD854B375A@DM6PR15MB2361.namprd15.prod.outlook.com> <CAKC-DJjX3EN3AcLOM5MZMcF-zvjqSNSouVhPkoszs9JjWjd1nA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
CC: "dnsop@ietf.org" <dnsop@ietf.org>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/O69I12oMjiy5j2viMIAKet0B3Tg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>

On Wed, 11 Jun 2025, Erik Nygren wrote:
> There are two cases here:
>
> 1) Accidental retention of zone contents (this seems unlikely, but worth
> mentioning)

No, unless someone has actually seen it happen.  It'll just confuse 
people.

> 2) Malicious reintroduction of zone contents (this is the concern we need
> to make sure is well-addressed, and is one of the reasons it is critical
> that validations are tied to users/accounts).

No, unless someone has actually seen it happen.  The threat model makes no 
sense -- it seems rather unlikely that the old zone owner is still paying 
the bill for the service it's supposed to validate, or that the new zone 
owner has the credentials to use it.

R's,
John