Would (GPG encrypted) email to the registered address to the authority not be sufficient? That would make sure the recipient is authorized and must then cause the token to be 'delegated' as the second factor.
Greetings, el On 2019-06-14 14:40 , Jim Reid wrote: > > >> On 14 Jun 2019, at 03:18, Nick Johnson >> <nick=40ethereum....@dmarc.ietf.org> wrote: >> >> I'm working on a system that needs to authenticate a TLD >> owner/operator in order to take specific actions. We had intended to >> handle this by requiring them to publish a token in a TXT record > > This assumes someone who is able to update the TLD has the authority > or ability to change the TLD’s delegation. That’s not necessarily > true. Think of registries who outsource their registry operations > and/or DNS service to third parties. Such third parties might well be > able to edit the zone file (or whatever) but that doesn’t necessarily > mean the registry authorised or requested those changes. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Dr. Eberhard W. Lisse / Obstetrician & Gynaecologist (Saar) e...@lisse.na / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 / Bachbrecht, Namibia ;____/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
