Re: [DNSOP] Verifying TLD operator authorisation
Shane Kerr <shane@time-travellers.org> Tue, 18 June 2019 13:56 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wFkdM8mUm5uSY7PkwlpTeAsiIYw>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

Jim,

On 18/06/2019 13.27, Jim Reid wrote:
>
>
>> On 18 Jun 2019, at 11:13, Bjarni Rúnar Einarsson <bre@isnic.is> wrote:
>>
>> The SOA record for a TLD contains two DNS names which should be
>> under the control of the NIC ...
>> People on this list can probably comment on whether my above
>> assumption is correct, and whether those are good candidates for
>> what you have in mind.
>
> Being able to control a zone’s SOA record (or whatever) means just that. No more, no less. It doesn’t mean someone who has that ability also has the authority to change the zone’s delegation even though they can manipulate the zone contents.

You're basically arguing against ACME-style authentication. While you are not necessarily wrong, people find the approach useful enough to not worry about who "really" owns a web server, and I suspect that a conscious decision can be made to not worry about who "really" owns a TLD in much the same way.

Cheers,

--
Shane