On Fri, 17 Feb 2023, John R Levine wrote:

> Surely we know people who run services that use DNS validation. How about talking to some of them and finding out what kind of user errors they run into?

The insinuation here is that we didn't talk to them. One of the authors
is at Salesforce, who is a big deployer of this. We talked at a number
of IETFs to various people and listened to them. One of the dnsop chairs
also has quite some experience in this field and read previous drafts
and gave us advice from their viewpoint.

But also, the pain is not felt by the people who dictate how to use
their DNS validation scheme. It is with the DNS administrators finding
a bunch of unrecognisable DNS records and not knowing what the hell
they are for and whether they can or should be deleted. Or those admins
that now see their APEX going back to TCP (yes, dig txt cnn.com gets TC
and falls back to TCP).

> (Caveat, I'm responding to this thread, not to the actual draft since I
> haven't recently read it.)

It's not very long, should take about 5 mins to read.

It's a feature. We try to keep it simple and clear and easy to follow.

And not present people with a number of mostly equivalent ways of
doing the same thing. In the end, it is a BCP. If you want to insist
on using randomized prefixes with CNAMEs, make your day.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
