Re: [DNSOP] Call for Adoption: Survey of Domain Verification Techniques using DNS

"John R. Levine" <johnl@iecc.com> Tue, 12 July 2022 18:50 UTC

Date: Tue, 12 Jul 2022 14:50:18 -0400
Message-ID: <34419ad3-e70e-4481-c06f-a92f0b028902@iecc.com>
From: "John R. Levine" <johnl@iecc.com>
To: Michael StJohns <msj@nthpermutation.com>, dnsop@ietf.org
In-Reply-To: <9386a34e-6b43-4de8-ed19-76dccfcd707f@nthpermutation.com>
References: <CADyWQ+FD9J-Wqr8rkgSMnb4+x9CRRKm=6cm6LBsw4F161QC4bg@mail.gmail.com> <9386a34e-6b43-4de8-ed19-76dccfcd707f@nthpermutation.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/kqEyXzhEkxUEmyVTCsVRYP5OKUU>

> Alternately, mostly deleting section 3 (the survey part), renaming the 
> document and focusing on section 4 (the recommendations part) might be 
> worthwhile, but that section is all about formatting TXT messages in a 
> specific way and that's generally been considered anathema for DNS for oh so 
> many reasons.  So that may also not be a correct approach.

That ship sailed a long time ago with the failure of the SPF record. 
People use TXT records for one-off things and they're not going to stop.

I agree that the list of implementations should be deleted or summarized 
in an appendix.

What might be useful is a shorter recommendation section with no MUST 
stuff, since it's not standards track, saying something like:

If you use a TXT record, use a _prefix and register it in the IANA prefix 
registry.  Use a fixed descriptive initial part in the text string so you 
don't get faked out by wildcards.  Do not add more junk to the TXT records 
in the domain itself.

If you use a CNAME record, use either a registered _prefix, or a 
pseudo-random prefix.

R's,
John
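The TXT-record recommendations in John's message, as an added example that is not part of the thread: a verifier that looks only at a registered underscore prefix, requires a fixed descriptive tag in front of the token, and so is not fooled by a wildcard TXT record being synthesized at that name. The prefix label `_example-verify`, the tag `example-verify=`, the zone contents and the simplified wildcard lookup are all constructed assumptions.

```python
"""Domain-verification check following the message's TXT advice (constructed example)."""
import hmac

PREFIX_LABEL = "_example-verify"   # assumed registered underscore prefix
TAG = "example-verify="            # fixed descriptive initial part of the TXT string

# Constructed zone data: owner name -> TXT strings published there.
ZONE = {
    "_example-verify.good.example.": ["example-verify=8f3a9c1d2e4b"],
    # wildcard publishing an unrelated TXT (e.g. SPF) for every name under it
    "*.wild.example.": ["v=spf1 -all"],
}


def lookup_txt(name: str) -> list[str]:
    """Simplified DNS lookup with wildcard synthesis: the TXT strings at
    `name`, or those of `*.<parent>` when `name` itself does not exist."""
    if name in ZONE:
        return ZONE[name]
    parent = name.partition(".")[2]
    return ZONE.get("*." + parent, [])


def verified(domain: str, expected_token: str) -> bool:
    """True only if a TXT string at <prefix>.<domain> starts with TAG and
    the remainder equals the token the verifier handed out.

    Strings without the tag (wildcard noise, SPF, other vendors' junk) are
    skipped, and the token comparison is constant-time."""
    for txt in lookup_txt(f"{PREFIX_LABEL}.{domain}"):
        if not txt.startswith(TAG):
            continue
        candidate = txt[len(TAG):]
        if hmac.compare_digest(candidate.encode(), expected_token.encode()):
            return True
    return False


if __name__ == "__main__":
    token = "8f3a9c1d2e4b"
    print("good.example:", verified("good.example.", token))     # True
    print("wild.example:", verified("wild.example.", token))     # False
    # the wildcard still answers the query, which is why the tag matters
    print("synthesized:", lookup_txt("_example-verify.wild.example."))
```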