[DNSOP] Re: Request Feedback: draft-sheth-dns-integration
Ben Schwartz <bemasc@meta.com> Wed, 07 August 2024 20:39 UTC
From: Ben Schwartz <bemasc@meta.com>
To: "Sheth, Swapneel" <ssheth=40Verisign.com@dmarc.ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>
Date: Wed, 07 Aug 2024 20:23:09 +0000
CC: "Kaizer, Andrew" <akaizer@verisign.com>, "bryan@blueskyweb.xyz" <bryan@blueskyweb.xyz>, "nick@ens.domains" <nick@ens.domains>
Subject: [DNSOP] Re: Request Feedback: draft-sheth-dns-integration
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mAoKItYwK20fzgJ49QAYzo_U5vQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>

Section 5.7 of draft-ietf-dnsop-domain-verification-techniques-05 says

> Some Application Service Providers currently require the Validation Record to remain in the zone indefinitely for periodic revalidation purposes. This practice should be discouraged. Subsequent validation actions using an already disclosed secret are no guarantee that the original owner is still in control of the domain, and a new challenge needs to be issued.

However, this draft implicitly takes the opposite view, as the authors refer to systems that require their validation records to be published as long as the corresponding association exists.

I think the discrepancy is very interesting. We need to distinguish "this domain is authorized by account $X" and "this domain authorizes account $X". When performed in the DNS, the former requires a secret and applies to a point in time; the latter requires no secrets and applies continuously. In general, I think the latter is probably simpler, easier to manage, and more secure. Perhaps the DCV draft ought to note this.

--Ben

________________________________
From: Sheth, Swapneel <ssheth=40Verisign.com@dmarc.ietf.org>
Sent: Monday, August 5, 2024 12:04 PM
To: dnsop@ietf.org <dnsop@ietf.org>
Cc: Kaizer, Andrew <akaizer@verisign.com>; bryan@blueskyweb.xyz <bryan@blueskyweb.xyz>; nick@ens.domains <nick@ens.domains>
Subject: [DNSOP] Request Feedback: draft-sheth-dns-integration

DNSOP,

Just before IETF 120 we published a draft "Integration of DNS Domain Names into Application Environments: Motivations and Considerations<https://datatracker.ietf.org/doc/draft-sheth-dns-integration/>" along with co-authors from Bluesky and Ethereum Name Service. You may have seen us socializing it at the hackathon and HotRFC<https://datatracker.ietf.org/meeting/120/materials/slides-120-hotrfc-sessa-03-integration-of-dns-domain-names-into-application-environments-motivations-and-considerations> or heard the request for feedback during Thursday's DNSOP session when the chairs mentioned it during the "Drafts of Note" section.

During IETF 120 we received a lot of good feedback around this draft and would like further feedback! Since the initial 00 version, we have changed the draft to informational and are in the process of evaluating how best to incorporate the other feedback we received.

The goal of this draft is to provide informational guidance to communities who are trying to incorporate DNS domain names into their applications. The draft currently provides motivations for why applications opt to utilize domain names and qualities that applications should consider as they build and maintain their integrations, e.g., having processes in place to account for domain name lifecycle events or DNS protocol evolution.

We would appreciate feedback on the current draft and other motivations/qualities we should consider including that would make this draft as useful as possible to these communities. We would be happy to take feedback here on the mailing list.

Thanks,
Swapneel Sheth
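
The distinction drawn in the reply above, between a secret-based point-in-time check and a secret-free continuous authorization, as an added example that is not part of either message or of the drafts they discuss. The record names `_challenge.` and `_authz.`, the `account=` value format, the `Provider` class and the in-memory zone are all hypothetical and constructed for illustration.

```python
import secrets

# Hypothetical record names; the zone is a constructed in-memory dict
# (owner name -> set of TXT strings) so the example runs offline.
CHALLENGE = "_challenge.{d}"
AUTHZ = "_authz.{d}"

class Provider:
    def __init__(self):
        self.tokens = {}  # (domain, account) -> last secret issued

    def issue_challenge(self, domain, account):
        """Hand the account holder a fresh secret to publish in the zone."""
        token = secrets.token_urlsafe(16)
        self.tokens[(domain, account)] = token
        return token

    def check_challenge(self, zone, domain, account):
        """'Domain is authorized by account': secret-based, point in time."""
        token = self.tokens.get((domain, account))
        return token is not None and token in zone.get(CHALLENGE.format(d=domain), set())

    def check_authorization(self, zone, domain, account):
        """'Domain authorizes account': no secret, re-read on every check."""
        return f"account={account}" in zone.get(AUTHZ.format(d=domain), set())

def scenario():
    p, d, zone = Provider(), "example.com", {}
    # alice controls the zone and publishes both kinds of record.
    zone[CHALLENGE.format(d=d)] = {p.issue_challenge(d, "alice")}
    zone[AUTHZ.format(d=d)] = {"account=alice"}
    out = {"initial": (p.check_challenge(zone, d, "alice"),
                       p.check_authorization(zone, d, "alice"))}
    # Control changes hands: the stale challenge record is left in place,
    # and the new operator points the authorization record at bob.
    zone[AUTHZ.format(d=d)] = {"account=bob"}
    out["stale_token_recheck"] = p.check_challenge(zone, d, "alice")
    out["authz_alice"] = p.check_authorization(zone, d, "alice")
    out["authz_bob"] = p.check_authorization(zone, d, "bob")
    # A new challenge goes unanswered because alice can no longer edit the zone.
    p.issue_challenge(d, "alice")
    out["fresh_challenge"] = p.check_challenge(zone, d, "alice")
    return out

if __name__ == "__main__":
    for name, result in scenario().items():
        print(name, result)
```

Re-checking the already published token still passes for the old account after control changes, while the authorization record and a freshly issued challenge both reflect the current state of the zone.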