Re: [DNSOP] Verifying TLD operator authorisation
Jim Reid <jim@rfc1035.com> Fri, 14 June 2019 12:40 UTC
Return-Path: <jim@rfc1035.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DF3A120041 for <dnsop@ietfa.amsl.com>; Fri, 14 Jun 2019 05:40:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gnUkPq6PXtPv for <dnsop@ietfa.amsl.com>; Fri, 14 Jun 2019 05:40:13 -0700 (PDT)
Received: from shaun.rfc1035.com (shaun.rfc1035.com [93.186.33.42]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D67A12001B for <dnsop@ietf.org>; Fri, 14 Jun 2019 05:40:13 -0700 (PDT)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id 40A0F24205E6; Fri, 14 Jun 2019 12:40:09 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <CAFz7pMvkQUz78Qow03RsFKHof3nrnGu3BUwUP0zstWgVtP3Msw@mail.gmail.com>
Date: Fri, 14 Jun 2019 13:40:08 +0100
Cc: dnsop@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <0202F994-3BFF-4FA5-A187-C0B3E8E1E108@rfc1035.com>
References: <CAFz7pMvkQUz78Qow03RsFKHof3nrnGu3BUwUP0zstWgVtP3Msw@mail.gmail.com>
To: Nick Johnson <nick=40ethereum.org@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/aN3Ntoxm6d68aoXzWwoj_xq2q5o>
Subject: Re: [DNSOP] Verifying TLD operator authorisation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2019 12:40:15 -0000
> On 14 Jun 2019, at 03:18, Nick Johnson <nick=40ethereum.org@dmarc.ietf.org> wrote: > > I'm working on a system that needs to authenticate a TLD owner/operator in order to take specific actions. We had intended to handle this by requiring them to publish a token in a TXT record This assumes someone who is able to update the TLD has the authority or ability to change the TLD’s delegation. That’s not necessarily true. Think of registries who outsource their registry operations and/or DNS service to third parties. Such third parties might well be able to edit the zone file (or whatever) but that doesn’t necessarily mean the registry authorised or requested those changes.
- [DNSOP] Verifying TLD operator authorisation Nick Johnson
- Re: [DNSOP] Verifying TLD operator authorisation Joe Abley
- Re: [DNSOP] Verifying TLD operator authorisation Nick Johnson
- Re: [DNSOP] Verifying TLD operator authorisation Rubens Kuhl
- Re: [DNSOP] Verifying TLD operator authorisation Nick Johnson
- Re: [DNSOP] Verifying TLD operator authorisation Rubens Kuhl
- Re: [DNSOP] Verifying TLD operator authorisation Nick Johnson
- Re: [DNSOP] Verifying TLD operator authorisation Shane Kerr
- Re: [DNSOP] Verifying TLD operator authorisation Jim Reid
- Re: [DNSOP] Verifying TLD operator authorisation Dr Eberhard W Lisse
- Re: [DNSOP] Verifying TLD operator authorisation Jim Reid
- Re: [DNSOP] Verifying TLD operator authorisation Vladimír Čunát
- Re: [DNSOP] Verifying TLD operator authorisation Nick Johnson
- Re: [DNSOP] Verifying TLD operator authorisation Bjarni Rúnar Einarsson
- Re: [DNSOP] Verifying TLD operator authorisation Jim Reid
- Re: [DNSOP] Verifying TLD operator authorisation Jim Reid
- Re: [DNSOP] Verifying TLD operator authorisation Shane Kerr
- Re: [DNSOP] Verifying TLD operator authorisation Nick Johnson
- Re: [DNSOP] Verifying TLD operator authorisation Joe Abley
- Re: [DNSOP] Verifying TLD operator authorisation Mark Andrews
- Re: [DNSOP] Verifying TLD operator authorisation Tim Wicinski
- Re: [DNSOP] Verifying TLD operator authorisation Matthew Pounsett
- Re: [DNSOP] PSD records, was Verifying TLD operat… John Levine
- Re: [DNSOP] PSD records, was Verifying TLD operat… Tim Wicinski
- Re: [DNSOP] PSD records, was Verifying TLD operat… John R Levine
- Re: [DNSOP] Verifying TLD operator authorisation Vittorio Bertola