Hi Erik,
On 6/10/26 19:25, Erik Nygren wrote:
I agree that this use-case is something we do want to handle, especially as way
to be able to indicate to authorize/validate
provisioning DNS authoritative services for a domain as the normal ways don't
work for this.
My inclination however is that we want to split this out into its own separate
draft. I think there are enough
design discussions that want to happen here (eg,
https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques/issues/147
<https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques/issues/147>
discusses some)
In fact, the issue you cite proposes the same solution as I did, albeit for a
different use case (preventing lame delegations as opposed to 2FA recovery).
The common aspect, however, is domain holder verification.
In my earlier message, I suggested that this could be a simple addition of one
or two paragraphs to the draft. For example, something like the 4th paragraph
in the issue you referenced would probably suffice.
Such a small addition distinctly, I think, would not justify the overhead of an
additional document process.
If the WG has no objections, I can offer such a small addition next week. If
it's uncontentious, we might as well ship it; if it is contentious / holding
things up, we can still drop it.
Best,
Peter
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]