On Tue, Jun 15, 2021 at 12:28 PM Shivan Kaul Sahib <shivankaulsa...@gmail.com> wrote:

> Hi Stephane!
>
>> Section 4.1: you do not mention a recommended name for the
>> subdomain. Should we suggest a name starting with an underscore, to
>> limit the risk of collisions and to emphasize it is not a host name?
>> (On the other hand, some users may have a limited DNS provisioning
>> interface, which enforces an LDH restriction.)
>
> This draft is intended to be a survey of existing techniques and broad
> recommendations that can be derived from the survey (hence we only discuss
> the value of targeted domain verification). Our thought was that we should
> leave concrete best practices for a later draft.

Shivan: a survey is the initial goal. But my thinking was: assuming there is interest in the draft first (which there appears to be), we could work on recommendations in a later iteration of this draft (and not a new one, although I could be persuaded).

Yes, Stephane, we were envisioning recommending an underscore label. Of course, that leads to how to avoid collisions in that space, and whether we need to establish a registry of application service names.

>> Section 5: should we also add that, especially if the zone is not
>> signed, multi-vantage-point checking is recommended (Let's Encrypt
>> already does it)?
>
> Interesting, I raised an issue here:
> https://github.com/ShivanKaul/draft-sahib-domain-verification-techniques/issues/18

Yeah, that's a good idea.

Shumon
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop