Hello,

Mark Jeftovic (easyDNS) and I filed two Internet-Drafts in May. I am writing to 
ask this list to look hard at the DNS-layer design before anything else.

A short word on who I am, for those who do not know me: I spent many years as 
CEO of Tucows. Groundmark is independent of any company.

The motivation is the gap left by the payment and authorization work now moving 
quickly around agents. Those efforts answer how an agent pays or what it is 
permitted to do in a session. None answers a prior question: when an agent 
presents itself to a counterparty, is there an accountable party behind it, 
established without a central registry. We think the answer is the same place 
DKIM put it. A key in a TXT record, anchored to a registrant a registrar has 
already verified.

What the core draft actually adds to DNS is small and, we hope, unobjectionable:

- Two TXT records under RFC 8552 reserved underscore labels: _agentid (an 
Ed25519 signing key) and _agentclaim (a reference to an externally hosted 
attestation), both tagged v=gm1.
- Request authentication is a profile of HTTP Message Signatures (RFC 9421), 
not a new mechanism.
- DNSSEC is a MUST in the verification flow, borne by participants rather than 
asked of the whole internet.
- DNS remains discovery only. The attestation itself is fetched over HTTPS; DNS 
holds a reference, not the claim.

The IANA ask is registration of _agentid and _agentclaim in the Underscored and 
Globally Scoped DNS Node Names registry (RFC 8552). That, the DNSSEC 
requirement, and coexistence with _dmarc, DKIM, TLSA, and the ANS and DNS-AID 
drafts are the places I most want your scrutiny. A companion draft carries the 
attestation semantics, kept separate so the DNS work stands on its own.

Core: draft-noss-jeftovic-groundmark-core-00
Attestation: draft-noss-jeftovic-groundmark-attestation-00

I would value the review, sharp or otherwise.

EN
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to