Stephane, all, [I feel cautious about continuing to cross-post this to dnsop as well as dinrg - however, it does apply to both areas, so i'll keep both groups in for now]
On Fri, Feb 15, 2019 at 10:37 AM Stephane Bortzmeyer <bortzme...@nic.fr> wrote: > I think that it is an important work because it brings the power of > the DNS to many other identifier systems. So, I support it. Thanks - great to hear. I'm hearing that DIDs are being used in more and more situations, so i think it makes sense to define that "bridging" protocol between the two "worlds. > May be more examples could help people figure out the use cases? "My > Bitcoin address is at foobar.example" and then the Bitcoin software > would query _did.foobar.example and get > <did:bitcoin:1NZc7FJ7eHJgRMRSrmncJJM9bPnusJeuR6>. I will add more examples in the next revision. We also need to include an example for the "email address" use case. > I note that there exists already non-standard (and probably not really > deployed) solutions in that space, some specific to a TLD > <https://www.nominet.uk/domain-names-unlock-new-potential-on-blockchain/> > <http://domainincite.com/23273-my-brain-explodes-trying-to-understand-mmxs-new-blockchain-deal-for-luxe> I'm aware of the .luxe initiative, however, i haven't yet seen any technical specifications about how the connection between DNS and Blockchains is performed. If anybody has a pointer, i'd definitely appreciate it. The other alternative proposal i've found is https://openalias.org/ - scroll down for their definition of the TXT record. They don't use DIDs as far as i understand, though. > Regarding draft -01: it seems OK to me. The only problem I find: > > > particularly the concerns around downgrade attacks when the record > > is not signed > > Why downgrade attacks specifically? Without DNSSEC, a lot of attacks > are possible. I agree, that section requires some rewording. I'm referring to the language in the OpenPGP DANE RFC here. I'm happy to work on more text, and open to suggestions :) best, Alex _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop