Re: [DNSOP] I-D Action: draft-ietf-dnsop-domain-verification-techniques-03.txt

Hi folks, summary of changes in latest version: 1. We added Erik Nygren as a co-author. Thanks Erik! 2. Added text on use of domain validation records by Intermediaries (such as CDNs). 3. Added text on multi-account and multi-intermediary cases. 4. Added text for domain boundaries

Re: [DNSOP] Dnsdir early review of draft-ietf-dnsop-domain-verification-techniques-02

Hi Jim, thanks for the review, but it looks like you reviewed an older version of the draft, not -02. -02 addresses a lot of the feedback you have: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-domain-verification-techniques-02 On Wed, 12 Jul 2023 at 17:48, Jim Reid via Datatracker

Re: [DNSOP] I-D Action: draft-ietf-dnsop-domain-verification-techniques-02.txt

Hi folks, we received a bunch of feedback over the last couple of months that we've addressed in this draft revision. Some notable things: 1. We now use the term "domain control validation" instead of "domain verification" since that seems to be the industry standard 2. Make the problem

Re: [DNSOP] Secdir early review of draft-ietf-dnsop-domain-verification-techniques-01

Hi Ben, thanks again for your comments! We've uploaded a new version that takes them into account. On Wed, 19 Apr 2023 at 17:40, Benjamin Kaduk via Datatracker < nore...@ietf.org> wrote: > Reviewer: Benjamin Kaduk > Review result: Has Issues > > # SecDir review of

Re: [DNSOP] Artart early review of draft-ietf-dnsop-domain-verification-techniques-01

Hi Barry, we've uploaded a new version that should address your helpful comments: https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/ On Mon, 3 Apr 2023 at 00:38, Barry Leiba via Datatracker wrote: > Reviewer: Barry Leiba > Review result: Ready with Nits > > This

Re: [DNSOP] [Ext] rfc8499bis: lame

On Thu, 8 Jun 2023 at 16:58, Paul Hoffman wrote: > On Jun 8, 2023, at 4:47 PM, Wes Hardaker wrote: > > > > Paul Wouters writes: > > > >> That was one of my suggestions, don't define it or declare it obsolete. > >> It will ofcourse take time for people to stop using it. > > > > There were a

Re: [DNSOP] Domain Verification Techniques using DNS

Hi Elliott, On Wed, 24 May 2023 at 14:52, wrote: > --- Original Message --- > On Tuesday, May 23rd, 2023 at 21:22, Paul Wouters 40aiven...@dmarc.ietf.org> wrote: > > > On Mon, May 22, 2023 at 5:49 PM wrote: > >> Dear DNSOP WG, >> >> My company has developed a domain verification

Re: [DNSOP] Working Group Last Call for "Domain Verification Techniques using DNS"

I think Paul conveyed the authors' opinions here pretty well. Just wanted to respond to the token generation bit: On Fri, 17 Feb 2023 at 08:22, Paul Wouters wrote: > John Levine wrote: > > > While I think it would be good to publish some best practices in this > area, > > this draft still seems

Re: [DNSOP] I-D Action: draft-ietf-dnsop-domain-verification-techniques-01.txt

Hi folks, we (finally) published a new version of the domain verification techniques draft, now as intended-BCP. We've had some feedback from providers but would love for folks to review, especially people who would actually use it. On Thu, 16 Feb 2023 at 11:15, wrote: > > A New Internet-Draft

Re: [DNSOP] [Ext] Call for Adoption: Survey of Domain Verification Techniques using DNS

On Tue, 12 Jul 2022 at 15:04, Paul Hoffman wrote: > On Jul 12, 2022, at 2:16 PM, Melinda Shore > wrote: > > > >> I agree that the list of implementations should be deleted or > summarized in an appendix. > > > > Well, maybe. The "Let's Encrypt" example is actually part of the > > acme spec

Re: [DNSOP] Call for Adoption: Survey of Domain Verification Techniques using DNS

Thanks all for the feedback! I've attempted to capture the following feedback here : 1. Remove the naming of specific implementations 2. Remove normative language 3.

Re: [DNSOP] New Version Notification for draft-sahib-domain-verification-techniques-03.txt

Hi all, we just published a new version of the DNS domain verification techniques draft. We've made some changes and have a new author (thanks Paul Wouters!) As mentioned last time, we're looking for DNSOP WG

Re: [DNSOP] Fwd: New Version Notification for draft-sahib-domain-verification-techniques-02.txt

Thanks Tony! Best practice for providers ought to be to document re-validation > requirements very prominently and clearly. (In my experience the common > ones are not too bad but occasionally we have to guess, so maybe a service > stops working for mysterious reasons 30 or 90 days later.) >

Re: [DNSOP] Fwd: New Version Notification for draft-sahib-domain-verification-techniques-02.txt

Hi Stephane! > > Section 4.1: you do not mention a recommended name for the > subdomain. Should we suggest a name starting with an underscore, to > limit the risk of collisions and to emphasize it is not a host name? > (On the other hand, some users may have a limited DNS provisioning >

[DNSOP] Fwd: New Version Notification for draft-sahib-domain-verification-techniques-02.txt

Hi all, Shumon and I have been working on an early draft that surveys current DNS domain verification techniques. Depending on how it goes, we hope to eventually explore if we can come up with some best practices. We plan to ask for time to present it at the IETF 111 DNSOP meeting. In the