Hi,

I’ve read this document and it feels to me that you are building a new protocol on top of DNS. I believe that the best course of action would be to go through a process of chartering a new working group if there’s a sufficient number of people interested in this (similar to other DNS-based frameworks). The chartering of the new WG should start with specifying the problem statement. And I would actually suggest starting with having a side meeting or BoF first:

https://wiki.ietf.org/group/iesg/bof-coordination-meetings

As in, this feels like this is a topic that only marginally touches DNS (let’s put some TXT in DNS) and if this takes off, I would expect more work to be done than just this one draft.

Cheers,
Ondrej

> On 5. 3. 2026, at 23:29, junzhang <[email protected]> wrote:
>
> Dear All,
>
> We have submitted one new individual draft for discussion: A DNS-Based
> Framework for Privacy-Preserving Identity.
>
> Feedback is welcome.
>
> Yours,
> Jun Zhang
>
>
>
> Name:     draft-duda-dnsop-dns-did
> Revision: 00
> Title:    A DNS-Based Framework for Privacy-Preserving Identity
> Date:     2026-03-02
> Group:    Individual Submission
> Pages:    8
> URL:      https://www.ietf.org/archive/id/draft-duda-dnsop-dns-did-00.txt
> Status:   https://datatracker.ietf.org/doc/draft-duda-dnsop-dns-did/
> HTML:     https://www.ietf.org/archive/id/draft-duda-dnsop-dns-did-00.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-duda-dnsop-dns-did
>
>
> Abstract:
>
>   This document presents a framework for privacy-preserving identity
>   management based on DNS, supporting large-scale management of users,
>   IoT devices, and AI agents. It introduces Self-Certifying
>   Identifiers (SIDs), User/Service Trustees as trusted proxies, and
>   leverages DNSSEC-secured TXT records to bind public keys to
>   identities. The framework enables privacy-by-design, where real
>   identities are hidden behind trusted entities, through
>   privacy-preserving intermediaries. Credentials bound to SIDs support
>   role-based access control, while ephemeral tokens ensure short-lived
>   authorization. Although initially DNS-dependent, the model can
>   extend to other directories like DIDs or IPFS. This approach aligns
>   with zero-trust architectures and supports automated, AI-driven
>   interactions in future networks.
>
>
> _______________________________________________
> DNSOP mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
