Thanks and reviews/re-reviews welcome. Note: we've held off on a few of the points that Erik Nygren raised because they require a more involved treatment (detailed discussion of the token/name/account binding process; multi provider/CDN support, etc). I've asked Erik to contribute some text on those, and we might have some corresponding updates later.
Shumon. On Mon, Jul 10, 2023 at 4:30 PM Tim Wicinski <tjw.i...@gmail.com> wrote: > All > > Shivan, Shumon and Paul have incorporated feedback from the WG as well as > several area reviews, and more. > It's a much better document because of that, and we thank everyone. > > The chairs want to give the WG a 7-10 days to review the changes and > confirm there are no issues > > thanks > tim > > > On Mon, Jul 10, 2023 at 2:57 PM Shivan Kaul Sahib < > shivankaulsa...@gmail.com> wrote: > >> Hi folks, we received a bunch of feedback over the last couple of >> months that we've addressed in this draft revision. >> >> Some notable things: >> >> 1. We now use the term "domain control validation" instead of "domain >> verification" since that seems to be the industry standard >> 2. Make the problem statement clearer in the new Common Pitfalls >> section >> 3. Added new text on delegated domain control validation techniques >> that are often used by CDNs. This technique uses CNAMEs, so we removed the >> text around saying that CNAMEs are NOT RECOMMENDED >> 4. Removed strict requirements on the generation of the random token >> 5. Clarified that metadata in the validation record is optional >> 6. Addressed SECDIR and ARTART early review comments >> 7. Clarified scope of validation (i.e. apex vs not) >> 8. Cleaned up the Terminology section >> 9. Did a bunch of general document refactoring to make the >> recommendations clearer >> 10. Added text for DNAME >> >> >> >> On Mon, 10 Jul 2023 at 08:59, <internet-dra...@ietf.org> wrote: >> >>> >>> A New Internet-Draft is available from the on-line Internet-Drafts >>> directories. This Internet-Draft is a work item of the Domain Name System >>> Operations (DNSOP) WG of the IETF. >>> >>> Title : Domain Control Validation using DNS >>> Authors : Shivan Sahib >>> Shumon Huque >>> Paul Wouters >>> Filename : >>> draft-ietf-dnsop-domain-verification-techniques-02.txt >>> Pages : 15 >>> Date : 2023-07-10 >>> >>> Abstract: >>> Many application services on the Internet need to verify ownership or >>> control of a domain in the Domain Name System (DNS). The general >>> term for this process is "Domain Control Validation", and can be done >>> using a variety of methods such as email, HTTP/HTTPS, or the DNS >>> itself. This document focuses only on DNS-based methods, which >>> typically involve the application service provider requesting a DNS >>> record with a specific format and content to be visible in the >>> requester's domain. There is wide variation in the details of these >>> methods today. This document proposes some best practices to avoid >>> known problems. >>> >>> The IETF datatracker status page for this Internet-Draft is: >>> >>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/ >>> >>> There is also an HTML version available at: >>> >>> https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-02.html >>> >>> A diff from the previous version is available at: >>> >>> https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-domain-verification-techniques-02 >>> >>> Internet-Drafts are also available by rsync at rsync.ietf.org: >>> :internet-drafts >>> >>> >>> _______________________________________________ >>> DNSOP mailing list >>> DNSOP@ietf.org >>> https://www.ietf.org/mailman/listinfo/dnsop >>> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop