Hi Stephane! > > Section 4.1: you do not mention a recommended name for the > subdomain. Should we suggest a name starting with an underscore, to > limit the risk of collisions and to emphasize it is not a host name? > (On the other hand, some users may have a limited DNS provisioning > interface, which enforces a LDH restriction.) >
This draft is intended to be a survey of existing techniques and broad recommendations that can be derived from the survey (hence we only discuss the value of targeted domain verification). Our thought was that we should leave concrete best practices for a later draft. > > Section 5: should we also add that, specially if the zone is not > signed, multi-vantage-point checking is recommended (Let's Encrypt > already does it)? > Interesting, I raised an issue here: https://github.com/ShivanKaul/draft-sahib-domain-verification-techniques/issues/18
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
