Hi Erik,

On 6/10/26 19:25, Erik Nygren wrote:
I agree that this use-case is something we do want to handle, especially as way 
to be able to indicate to authorize/validate
provisioning DNS authoritative services for a domain as the normal ways don't 
work for this.

My inclination however is that we want to split this out into its own separate 
draft.  I think there are enough
design discussions that want to happen here (eg, 
https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques/issues/147
 
<https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques/issues/147>
 discusses some)

In fact, the issue you cite proposes the same solution as I did, albeit for a 
different use case (preventing lame delegations as opposed to 2FA recovery). 
The common aspect, however, is domain holder verification.

In my earlier message, I suggested that this could be a simple addition of one 
or two paragraphs to the draft. For example, something like the 4th paragraph 
in the issue you referenced would probably suffice.

Such a small addition distinctly, I think, would not justify the overhead of an 
additional document process.

If the WG has no objections, I can offer such a small addition next week. If 
it's uncontentious, we might as well ship it; if it is contentious / holding 
things up, we can still drop it.

Best,
Peter

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to