[DNSOP] Re: [Ext] Persistence of DCV, including for Delegated DCV (for draft-ietf-dnsop-domain-verification-techniques)
Ben Schwartz <bemasc@meta.com> Wed, 28 May 2025 01:35 UTC
From: Ben Schwartz <bemasc@meta.com>
To: Paul Hoffman <paul.hoffman@icann.org>, Erik Nygren <erik+ietf@nygren.org>
Date: Wed, 28 May 2025 01:34:46 +0000
CC: dnsop WG <dnsop@ietf.org>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Sg7beWAunhtBXbD1d25yVccDt6g>

I'm open to either view on this. My main concerns are:

1. The draft's recommendations should be logically consistent with its stated threat model.
2. The draft should clearly define terminology and use it consistently.
3. The purpose of each record should be clear to someone reading the zone file.
4. It should be obvious whether or not a record can safely be removed from the zone.
5. We should favor human-readable values where possible.

If we decide to support persistence of DCV records, this means we need to adjust the threat model, lean harder on the "expiry" key (or similar), and consider whether the persistent authorization function should be accomplished by a human-readable value, even if it shares a single TXT record with the random token.

--Ben

________________________________
From: Paul Hoffman <paul.hoffman@icann.org>
Sent: Tuesday, May 27, 2025 8:55 PM
To: Erik Nygren <erik+ietf@nygren.org>
Cc: dnsop WG <dnsop@ietf.org>
Subject: [DNSOP] Re: [Ext] Persistence of DCV, including for Delegated DCV (for draft-ietf-dnsop-domain-verification-techniques)

On May 27, 2025, at 08:16, Erik Nygren <erik+ietf@nygren.org> wrote:
>
> I've been thinking about this a bunch, and I think DCV is not necessarily one-time and the current focus on that is counter-productive. Instead we should be describing what properties are present due to the persistence of a DCV entry, especially since it is public once entered into the DNS. This relates to how Intermediates fit in as well. Over the next week or two I'm going to see if I can propose an alternate PR (or set of PRs) that may address some of the concerns here.

A persistent record is not a DCV mechanism because it no longer meets the security model in the draft. The security model is that the user wants to prove to the application service provider that they control the domain, and that no on-path attacker can pretend to be the user. The method is to use an agreed-to random token.

The moment that the user publishes the TXT record, that model falls apart. The on-path attacker can replicate the TXT record. Thus, the validation only works if the application service provider quickly checks the TXT record, before the on-path attacker can replicate it. This is all fine, and works great; ACME's dns-01 has worked very well for years.

However, saying that a persistent DCV record gives any value under this particular security model is very wrong. The security model for persistent records is completely different, and should not be mixed up with the base security model in draft-ietf-dnsop-domain-verification-techniques. It makes much more sense for a different draft, with a clear and different security model, to define the value of persistent records and their security model.

--Paul Hoffman