I think Paul conveyed the authors' opinions here pretty well. Just wanted
to respond to the token generation bit:
On Fri, 17 Feb 2023 at 08:22, Paul Wouters wrote:
> John Levine wrote:
>
> > While I think it would be good to publish some best practices in this
> area,
> > this draft still seems
It appears that Brian Dickson said:
>DC templates generally are of the key/value pair structure, with the
>"value" typically being specific to the customer, such as a validation
>string.
Oh, OK, there's a concrete reason to use fixed names and put the token
in the body.
R's,
John
_
On Fri, Feb 17, 2023 at 4:06 PM tjw ietf wrote:
> John
>
> Paul is right. As an operator one thing I always obsess on in is the data
> in my zones. Why is it there , should it be, etc. Another example you may
> understand is “who created this incorrect DMARC record?”
>
> I’ve given them much muc
It appears that Paul Wouters said:
>But also, the pain is not felt at the people who dictate how to use
>their DNS validation scheme. It is with the DNS administrators finding
>a bunch of unrecognisable DNS records and not knowing what the hell
>they are for and whether they can or should be dele
John
Paul is right. As an operator one thing I always obsess on in is the data in my
zones. Why is it there , should it be, etc. Another example you may understand
is “who created this incorrect DMARC record?”
I’ve given them much much feedback. I am eager for others to sound off.
And Brian,
On Fri, 17 Feb 2023, John R Levine wrote:
Surely we know people who run services that use DNS validation. How about
talking to some of them and finding out what kind of user errors they run
into?
The insinuation here is that we didn't talk to them. One of the authors
is at salesforce, who is
On Fri, 17 Feb 2023, John Levine wrote:
That makes no sense. Why is it harder to copy a string to the name field
in a cruddy web GUI than to the data field? It's copy and paste either way.
For one, if the zone data presented to you is like a sorted zone file.
Second, because LHS entries usua
It appears that Paul Wouters said:
>> _a1b2c3.example.com IN ... "whatever"
>> _crudco.example.com IN ... "a1b2c3"
>
>Adding cryptogrpahically strong/long strings in the prefix seems
>unwieldly and prone to problems - especially if the user has to put
>these in via a webgui of mediocre quality.
John Levine wrote:
While I think it would be good to publish some best practices in this area,
this draft still seems scattered and makes some assertions that seem to me
to be somewhere between unsupported and mistaken.
I think we agree that the goal is there are two parties, call them
owner an
All
I was not being passive aggressive about the authors publishing their
update, I was reading the datatracker incorrectly from my phone.
However, since they now have published their update, let us do this WGLC.
Much has changed, mostly after feedback from previous
IETF meetings that this is ch
OH Apologies.
I had felt the authors published their new version, but I sent the wrong
draft message out.
Please ignore this and I'll stop trying to be useful today
tim
On Thu, Feb 16, 2023 at 12:04 PM Tim Wicinski wrote:
>
> All
>
> The authors and the chairs feel this document has reached
All
The authors and the chairs feel this document has reached the stage where
it's ready for Working Group Last Call.
This starts a Working Group Last Call for:
draft-ietf-dnsop-domain-verification-techniques
Current versions of the draft is available here:
https://datatracker.ietf.org/doc/draf
12 matches
Mail list logo
