Hi folks, we received a bunch of feedback over the last couple of months that we've addressed in this draft revision.
Some notable things: 1. We now use the term "domain control validation" instead of "domain verification" since that seems to be the industry standard 2. Make the problem statement clearer in the new Common Pitfalls section 3. Added new text on delegated domain control validation techniques that are often used by CDNs. This technique uses CNAMEs, so we removed the text around saying that CNAMEs are NOT RECOMMENDED 4. Removed strict requirements on the generation of the random token 5. Clarified that metadata in the validation record is optional 6. Addressed SECDIR and ARTART early review comments 7. Clarified scope of validation (i.e. apex vs not) 8. Cleaned up the Terminology section 9. Did a bunch of general document refactoring to make the recommendations clearer 10. Added text for DNAME On Mon, 10 Jul 2023 at 08:59, <[email protected]> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. This Internet-Draft is a work item of the Domain Name System > Operations (DNSOP) WG of the IETF. > > Title : Domain Control Validation using DNS > Authors : Shivan Sahib > Shumon Huque > Paul Wouters > Filename : draft-ietf-dnsop-domain-verification-techniques-02.txt > Pages : 15 > Date : 2023-07-10 > > Abstract: > Many application services on the Internet need to verify ownership or > control of a domain in the Domain Name System (DNS). The general > term for this process is "Domain Control Validation", and can be done > using a variety of methods such as email, HTTP/HTTPS, or the DNS > itself. This document focuses only on DNS-based methods, which > typically involve the application service provider requesting a DNS > record with a specific format and content to be visible in the > requester's domain. There is wide variation in the details of these > methods today. This document proposes some best practices to avoid > known problems. > > The IETF datatracker status page for this Internet-Draft is: > > https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/ > > There is also an HTML version available at: > > https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-02.html > > A diff from the previous version is available at: > > https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-domain-verification-techniques-02 > > Internet-Drafts are also available by rsync at rsync.ietf.org: > :internet-drafts > > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
