[DNSOP] New individual draft for discussion: A DNS-Based Framework for Privacy-Preserving Identity

junzhang <junzhang1@huawei.com> Thu, 05 March 2026 15:29 UTC

From: junzhang <junzhang1@huawei.com>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Date: Thu, 05 Mar 2026 15:29:04 +0000
CC: Andrzej Duda <Andrzej.Duda@imag.fr>, Andrzej Duda <andrzej.duda@imag.fr>, Houda Labiod <houda.labiod@huawei.com>, Maciej Korczynski <maciej.korczynski@grenoble-inp.fr>, olivier hureau <olivier@hureau.com>
Subject: [DNSOP] New individual draft for discussion: A DNS-Based Framework for Privacy-Preserving Identity
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Q_AUeGs_16A9GefjCaX5zNNIRhc>

Dear All,
    
    We have submitted one new individual draft for discussion: A DNS-Based Framework for Privacy-Preserving Identity.

    Feedback is welcome.

    Yours,
     Jun Zhang



Name:     draft-duda-dnsop-dns-did
Revision: 00
Title:    A DNS-Based Framework for Privacy-Preserving Identity
Date:     2026-03-02
Group:    Individual Submission
Pages:    8
URL:      https://www.ietf.org/archive/id/draft-duda-dnsop-dns-did-00.txt
Status:   https://datatracker.ietf.org/doc/draft-duda-dnsop-dns-did/
HTML:     https://www.ietf.org/archive/id/draft-duda-dnsop-dns-did-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-duda-dnsop-dns-did


Abstract:

   This document presents a framework for privacy-preserving identity
   management based on DNS, supporting large-scale management of users,
   IoT devices, and AI agents.  It introduces Self-Certifying
   Identifiers (SIDs), User/Service Trustees as trusted proxies, and
   leverages DNSSEC-secured TXT records to bind public keys to
   identities.  The framework enables privacy-by-design, where real
   identities are hidden behind trusted entities, through privacy-
   preserving intermediaries.  Credentials bound to SIDs support role-
   based access control, while ephemeral tokens ensure short-lived
   authorization.  Although initially DNS-dependent, the model can
   extend to other directories like DIDs or IPFS.  This approach aligns
   with zero-trust architectures and supports automated, AI-driven
   interactions in future networks.