All Shivan, Shumon and Paul have incorporated feedback from the WG as well as several area reviews, and more. It's a much better document because of that, and we thank everyone.
The chairs want to give the WG a 7-10 days to review the changes and confirm there are no issues thanks tim On Mon, Jul 10, 2023 at 2:57 PM Shivan Kaul Sahib <shivankaulsa...@gmail.com> wrote: > Hi folks, we received a bunch of feedback over the last couple of > months that we've addressed in this draft revision. > > Some notable things: > > 1. We now use the term "domain control validation" instead of "domain > verification" since that seems to be the industry standard > 2. Make the problem statement clearer in the new Common Pitfalls > section > 3. Added new text on delegated domain control validation techniques > that are often used by CDNs. This technique uses CNAMEs, so we removed the > text around saying that CNAMEs are NOT RECOMMENDED > 4. Removed strict requirements on the generation of the random token > 5. Clarified that metadata in the validation record is optional > 6. Addressed SECDIR and ARTART early review comments > 7. Clarified scope of validation (i.e. apex vs not) > 8. Cleaned up the Terminology section > 9. Did a bunch of general document refactoring to make the > recommendations clearer > 10. Added text for DNAME > > > > On Mon, 10 Jul 2023 at 08:59, <internet-dra...@ietf.org> wrote: > >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. This Internet-Draft is a work item of the Domain Name System >> Operations (DNSOP) WG of the IETF. >> >> Title : Domain Control Validation using DNS >> Authors : Shivan Sahib >> Shumon Huque >> Paul Wouters >> Filename : >> draft-ietf-dnsop-domain-verification-techniques-02.txt >> Pages : 15 >> Date : 2023-07-10 >> >> Abstract: >> Many application services on the Internet need to verify ownership or >> control of a domain in the Domain Name System (DNS). The general >> term for this process is "Domain Control Validation", and can be done >> using a variety of methods such as email, HTTP/HTTPS, or the DNS >> itself. This document focuses only on DNS-based methods, which >> typically involve the application service provider requesting a DNS >> record with a specific format and content to be visible in the >> requester's domain. There is wide variation in the details of these >> methods today. This document proposes some best practices to avoid >> known problems. >> >> The IETF datatracker status page for this Internet-Draft is: >> >> https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/ >> >> There is also an HTML version available at: >> >> https://www.ietf.org/archive/id/draft-ietf-dnsop-domain-verification-techniques-02.html >> >> A diff from the previous version is available at: >> >> https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-domain-verification-techniques-02 >> >> Internet-Drafts are also available by rsync at rsync.ietf.org: >> :internet-drafts >> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop