Re: [DNSOP] Verifying TLD operator authorisation

[Bjarni Rúnar Einarsson <bre@isnic.is>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Nick, everyone,

Nick Johnson <nick=40ethereum.org@dmarc.ietf.org> wrote:
> I'm working on a system that needs to authenticate a TLD
> owner/operator in order to take specific actions. We had
> intended to handle this by requiring them to publish a token in
> a TXT record under a subdomain of nic.tld, but it's been
> brought to our attention that we can't rely on nic.tld being
> owned by the TLD operators - this is only a reserved domain on
> ICANN new-gTLDs, not on ccTLDs or older gTLDs.

The SOA record for a TLD contains two DNS names which should be
under the control of the NIC: that of the primary master
nameserver, and the e-mail of the responsible administrator
(which includes a domain name).

Intro: https://en.wikipedia.org/wiki/SOA_record

People on this list can probably comment on whether my above
assumption is correct, and whether those are good candidates for
what you have in mind.

Hope this helps,
 - Bjarni

- -- 
Sent using Mailpile, Free Software from www.mailpile.is

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEELPAMGTG3kMo305suWQtbDAPCJoUFAl0IuWgACgkQWQtbDAPC
JoU+ywwAyMBQ1MgOrAifji6SIjn1M4/TSaamsE1MB57IPVIF0mWO5x+rTldzmIxd
ftiGOB60Xd1Z/sKLi/i7QLIaw5Efme53n8hRccCDBwdnm+gGvEVvvkuMk8TkiYuE
QJl5xTKzqCXi9PEI/Se2EmpxklHoLI+DdZX2aGgIc2Vi2uTRPqSgCYT8Chg+WvNM
g32q4+Ldzto57fOry4KMum80XK5B8hSztPjK0k8hQgT/U2iX+2qY9S0wBYZXvOMP
7sp+7VeGnAv64EUqtpMik5BnnO95o0v9hdRbSF1GJ0qUehwo8eZzYdR0C73aM1aQ
0aW+7TYqovwsQhLuQKnKi+x8DP0Q/G4+uVQC7ecMY3cQLNyzyocte7JWNH+ZIQgu
QDXp9jkw0Z52zrDIDXZCjkzfl71B/hkhYnd9nh7AQ3onlCs4m7fzXbTZF1ors4Td
kG1OG5RXGfu/F5ecDfme/Mc6rF4Aqkrg6LALvcXYUE3u7GRx9vjH017hr6Ej+WWs
xI3Wv5U3
=YxQ/
-----END PGP SIGNATURE-----