Re: [DNSOP] [Din] Fwd: New Version Notification for draft-mayrhofer-did-dns-01.txt

Alexander Mayrhofer <> Mon, 18 February 2019 14:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 09D5012941A for <>; Mon, 18 Feb 2019 06:14:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id G0HjdGQldBy2 for <>; Mon, 18 Feb 2019 06:14:20 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7CF68130F0D for <>; Mon, 18 Feb 2019 06:14:20 -0800 (PST)
Received: by with SMTP id d14so3320425ljl.9 for <>; Mon, 18 Feb 2019 06:14:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ho9vcddmU3HRwJCS+3N+h0qAJZHT5qftlioC/ynCTB4=; b=V5EZX+yIqVNFCvoSPJid3SEFP0WmsShcPDIilwzMKIO9FuSKwmoiyXK6cH+PKBX4gj 52K+4EC3SgSniwcr+TYLWnYStlY6+rjFKPEJn5cJtWTe/IL1WHa/5qW+WC0p8HgfPE4D 8QCUck7g5cNFfNBLWEVI/3n16SwvfR6cMM3EFHHRVqOSPC5fBTufjemmR24aF7n4CHmJ TWsPsBuhIDPgAw4ptgOUY6csl9ZQGVfLrWv6fZPfht5GNGOdUEKlG6wolOF/Aop6IH6z 29EozyNrWb4LwiS9M1C82GrdPy3R7RJflaARh4Ann+h2SkChWe1yMQ0u2H7dfF1epKLl WNTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ho9vcddmU3HRwJCS+3N+h0qAJZHT5qftlioC/ynCTB4=; b=V5EJOYxxeIoU3UVZ83F8LLgfUHr+30LR8Oe/ReVsHeLYpjKnVgITNBZvLICVgKHFuw NDDveIsw6GtTDSJLtFee5TF3n0IAhvISKP+ZUPlZICrC1jAStVEzrlp0/ttO3O+EA1V4 gmoPjfYU+KRKqOLlgNoQpr0y97mFPgY8v71kXOoN+hau9vMLA4D/+ZUQgGfzdEKPWY7P hmTsp8T8XmjICMm6p1OaJs40r0w2I7LwBMYTwOG2y45hIBSGgpqi1eMK1gekpT/8yxo6 glVxtnrjDEj+Q9BO+h5Bl05YYvtokhmfTAbdXv1RjboCiNK28e4he4DwhcDvz/RHqXOo OpDQ==
X-Gm-Message-State: AHQUAuY+53f+QpCgyi5ALjQf/Z48w5WzTfGF1TlQ/ZzljLeFaAnVMqkv IcOekT9MHBHn7r6a4zubkZQK1iNsWMM1KeOjM3w=
X-Google-Smtp-Source: AHgI3IZImlAD9XgP7ShpqK1vjOabjDDJGjamdIqEYzlPRj2gqTj72VsOrW/CRKAVl2cb5/YPNSncuutbk5MhVY8Gy30=
X-Received: by 2002:a2e:4d7:: with SMTP id a84mr11701209ljf.86.1550499258613; Mon, 18 Feb 2019 06:14:18 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: Alexander Mayrhofer <>
Date: Mon, 18 Feb 2019 15:14:07 +0100
Message-ID: <>
To: Paul Wouters <>
Cc: Stephane Bortzmeyer <>, IETF DNSOP WG <>,
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [DNSOP] [Din] Fwd: New Version Notification for draft-mayrhofer-did-dns-01.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Feb 2019 14:14:23 -0000


On Fri, Feb 15, 2019 at 7:47 PM Paul Wouters <> wrote:
> I think this document should be Experimental and not Standards Track?

I was torn when i did the first revision of this. I think it depends
on the stability of Decentralized Identifiers themselves. Once that
schema becomes widely used, i think any protocol that connects the DNS
and DIDs should be Standards Track. But i leave that up to "higher
forces" as soon as i find a suitable "home WG" for that.

> The reference to 7929 should be normative, not informative, since
> you actually need to read a secion of 7929 to implement this document.

Agreed. I've considered replacing the "instruction diff" to OpenPGP
with a full description in the document itself. The idea to use that
scheme in email came in quite late before i wrote -00, so that section
also reflects some laziness. With the "two label" hierarchy introduced
in -01, i think a full description would be better anyways. Well do so
in -02. Which, in turn, would allow the 7929 reference to stay

> I'm not sure if one should use for host names and
> for email addresses. I would keep that at
> the same level, eg:

I'd love to have a discussion about semantics of both options at some
point. Maybe we can do a short meeting during IETF104? I know there
are many ways to do that, and personally i'm not sure which way would
be the "right" one.

> This technically also allows one to separate the two DNS zones more
> clearly (and could even be managed by a different group)

Yep, introduces a zone cut. Then again, i'm not sure what (if we
introduce that schema above) the semantics of a record right unter
_did would be.. Or would that be disallowed?

> I'm really on the fence for this document. On the one hand, it is good
> to have a memorable decentralized identifier, but on the other hand if
> you rely on DNS (and DNSSEC), is this identifier really still
> decentralised in the "we don't trust the USG or Verisign" way ?

The identifier is still fully decentralized, the method of discovery
probably not. I've also heard that from folks from the Self Sovereign
Identity community... However, they are seeking ways for people to
discover DIDs. Commonly used are QR codes, but everyone is aware that
replacing the QR code on an ATM machine would create an easy of "real
world" phishing, so other methods of discovery are definitely worth

> I guess if you interpret it as a migration strategy away from DNS, it is okay.

Note that we could also create a "full loop" of verification. The DID
document published behind a DID could include a link back to the
domain name. I've not investigated that further, though, but it's an
interesting area.

So, would you be interested to discuss this in Prague?