Re: [DNSOP] Verifying TLD operator authorisation

Dr Eberhard W Lisse <el@lisse.NA> Fri, 14 June 2019 13:13 UTC

Return-Path: <el@lisse.NA>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B1A612002F for <dnsop@ietfa.amsl.com>; Fri, 14 Jun 2019 06:13:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.868
X-Spam-Level:
X-Spam-Status: No, score=-0.868 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_HEADERS=1.021, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z7U33lR3d_Pw for <dnsop@ietfa.amsl.com>; Fri, 14 Jun 2019 06:13:18 -0700 (PDT)
Received: from wneu.omadhina.co.na (wneu.omadhina.co.na [196.216.41.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B40B8120043 for <dnsop@ietf.org>; Fri, 14 Jun 2019 06:13:17 -0700 (PDT)
Received: from [192.168.8.102] (unknown [105.232.95.190]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by wneu.omadhina.co.na (Postfix) with ESMTPSA id AE60432C0061; Fri, 14 Jun 2019 15:13:13 +0200 (CAT)
Reply-To: el@lisse.NA
Cc: el@lisse.NA, dnsop@ietf.org
References: <CAFz7pMvkQUz78Qow03RsFKHof3nrnGu3BUwUP0zstWgVtP3Msw@mail.gmail.com> <0202F994-3BFF-4FA5-A187-C0B3E8E1E108@rfc1035.com>
From: Dr Eberhard W Lisse <el@lisse.NA>
Openpgp: preference=signencrypt
Autocrypt: addr=el@lisse.NA; prefer-encrypt=mutual
Organization: Dr Eberhard W Lisse
Message-ID: <784348a0-b064-d66e-627d-80617ba468b1@lisse.NA>
Date: Fri, 14 Jun 2019 15:13:12 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
In-Reply-To: <0202F994-3BFF-4FA5-A187-C0B3E8E1E108@rfc1035.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/uIKM8LVgyqZITGLwvVTlS_UwoR4>
Subject: Re: [DNSOP] Verifying TLD operator authorisation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2019 13:13:21 -0000

Would (GPG encrypted) email to the registered address to the authority
not be sufficient?  That would make sure the recipient is authorized and
must then cause the token to be 'delegated' as the second factor.

Greetings, el

On 2019-06-14 14:40 , Jim Reid wrote:
> 
> 
>> On 14 Jun 2019, at 03:18, Nick Johnson
>> <nick=40ethereum.org@dmarc.ietf.org> wrote:
>>
>> I'm working on a system that needs to authenticate a TLD
>> owner/operator in order to take specific actions.  We had intended to
>> handle this by requiring them to publish a token in a TXT record
> 
> This assumes someone who is able to update the TLD has the authority
> or ability to change the TLD’s delegation.  That’s not necessarily
> true.  Think of registries who outsource their registry operations
> and/or DNS service to third parties.  Such third parties might well be
> able to edit the zone file (or whatever) but that doesn’t necessarily
> mean the registry authorised or requested those changes.
> 
> 

-- 
Dr. Eberhard W. Lisse          / Obstetrician & Gynaecologist (Saar)
el@lisse.NA            / *     |   Telephone: +264 81 124 6733 (cell)
PO Box 8421                  /
Bachbrecht, Namibia     ;____/