It appears that Erik Nygren <[email protected]> said:
>For additional visibility to the WG, the largest change in this version is
>switching the terminology from "random tokens" to "unique tokens" (of
>which random is one type). There is also discussion of the associated
>security properties.

Technically it looks fine.

In section 3, I think the discussion of persistent validation is unrealistically negative. The practical motivation is so the provider can tell that the customer has gone away due to domain expiration or whatever. While it is theoretically true that a malicious new domain owner could copy the records, that's like a .1% case, with the other 99.9% being that the old owner forgot or didn't care, the new owner knows nothing about it, so in practice it works fine.

Section 7.2 appears to assume that there is something illegitimate about subcontracting. Providers do it all the time, it's perfectly OK. And if they do, why would you assume the subcontractor wouldn't use the same vendor name? I'd remove the entire section.

R's,
John
