Hi DNSOP,

I recently submitted an individual Internet-Draft and would appreciate feedback from the working group, particularly on the DNS-related aspects and whether this work fits within DNSOP scope.

Draft: https://datatracker.ietf.org/doc/draft-midwestcyber-dspip/
Title: Digital Signing of Physical Items Protocol (DSPIP)

Summary:
DSPIP defines a cryptographic protocol for authenticating physical items (e.g., packages) using digitally signed QR codes. The protocol provides origin authentication, chain-of-custody verification, and privacy-preserving delivery mechanisms.

One key component is DNS-based public key distribution (similar in spirit to DKIM), where verifiers retrieve public keys via DNS TXT records to validate signatures associated with physical items.

I’m particularly interested in feedback on the following:

1. DNS usage model:
   - Suitability of DNS TXT records for distributing DSPIP public keys
   - Naming conventions (e.g., service prefixes, delegation patterns)
   - Alignment with existing practices (e.g., DKIM, other DNS-based verification mechanisms)

2. Operational considerations:
   - Caching, TTL, and key rotation implications
   - Resolver behavior under high-volume verification scenarios (e.g., logistics scanning)
   - Any concerns around abuse, scaling, or query patterns

3. Prior art / overlap:
   - Whether similar approaches exist that I should align with or reference
   - Any relevant DNSOP work I may have missed

4. Process guidance:
   - Would DNSOP be an appropriate venue for this work, or should I seek feedback elsewhere (e.g., dispatch or another WG)?

All feedback is welcome, and I’d especially appreciate pointers on how to refine the DNS-related aspects to align with IETF best practices.

Thanks in advance for your time and input,

Andy Boell
Midwest Cyber, LLC
(402) 332-6542
https://www.midwestcyber.net
[email protected]
