Hi Paul,

Thanks for your comments.

At the last DNSOP meeting in Dublin, I already made some remarks at the mic
that the draft is in need of some cleanup and reorganization. A lot of the
content has grown by accretion in response to various feedback and it is
probably indeed time to do a cleanup pass.

The authors had already planned to meet later this month on this topic.
They are now also considering your specific suggestions, and will pull you
into some of those conversations.

Shumon.

On Wed, Jan 8, 2025 at 9:17 PM Paul Hoffman <[email protected]> wrote:

> Greetings again. draft-ietf-dnsop-domain-verification-techniques is stuck,
> I think for good reason. It has evolved to be all of "best practices",
> "cool extensions", "requirements", and "examples of how people do this
> now". That evolution has caused the result to have conflicting advice and
> unclear examples. I sincerely believe that the document can only be saved
> by making it much shorter, focused just on "best practices".
>
> In making it shorter, it still could use some additions, particularly the
> pitfalls of domain lifecycle and other topics from Section 4 of
> draft-sheth-dns-integration. It is a best practice to at least think about
> all those issues even if this document can't say what to do to protect
> against normal human failures.
>
> In specific (and not in totality), I'd like to see removed:
> - anything about CNAME, other than an explanation about why it is
> dangerous to rely on
> - anything about intermediaries because they grossly complicate the idea
> of someone controlling a domain
> - requirements on randomness length; for many scenarios, 44 bits of entropy
> is just fine and can be easily typed
> - requirements on time-bound checking, other than a description of why you
> might or might not want it
>
> I know that doing this might be difficult, and if the authors agree that
> these might be good changes, I'd be willing to do a reorg pass. Having said
> that, I'd really like to see this draft and draft-sheth-dns-integration (or
> at least the ideas in them) move forward so that other drafts that rely on
> them (such as draft-chins-dnsop-web3-wallet-mapping) can move as well.
>
> --Paul Hoffman
> _______________________________________________
> DNSOP mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>