Thanks for this helpful input!
(In theory DNSSEC could prevent falsified responses about scope, but I
realize that it's not widely deployed :(
Let's also think about the more general (non-ACME) application use case
too. Maybe multiple possible ways to indicate scope are needed.
Shumon.
On Tue,
There are some benefits in ACME for it being on the label (At least in the
ACME use case):
It being on the label provides external confirmation that the ACME server
did the correct thing. If it's part of the response, it's a lot easier for
an ACME server to falsely claim the scope was something
On Mon, Feb 19, 2024 at 6:55 PM Paul Wouters wrote:
> On Sat, 17 Feb 2024, Shumon Huque wrote:
> > I'm sure other folks will chime in with their views. But I want to ping
> Paul Wouters specifically - since you are one of
> > the expert reviewers for this registry and an author of
>
On Sat, 17 Feb 2024, Shumon Huque wrote:
Should the IANA registry be involved for the `wildcard`, `host`, and
`domain` scope values that are mentioned
in the draft?
Are you referring to the 'Underscore and Globally Scoped DNS Node Names
registry' located here?
On Wed, Feb 7, 2024 at 1:32 PM Amir Omidi
wrote:
> Should the IANA registry be involved for the `wildcard`, `host`, and
> `domain` scope values that are mentioned in the draft?
>
Amir,
Are you referring to the 'Underscore and Globally Scoped DNS Node Names
registry' located here?
Should the IANA registry be involved for the `wildcard`, `host`, and
`domain` scope values that are mentioned in the draft?
--
Amir Omidi (he/them)
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Hi folks, summary of changes in latest version:
1. We added Erik Nygren as a co-author. Thanks Erik!
2. Added text on use of domain validation records by Intermediaries
(such as CDNs).
3. Added text on multi-account and multi-intermediary cases.
4. Added text for domain boundaries
Internet-Draft draft-ietf-dnsop-domain-verification-techniques-03.txt is now
available. It is a work item of the Domain Name System Operations (DNSOP) WG
of the IETF.
Title: Domain Control Validation using DNS
Authors: Shivan Sahib
Shumon Huque
Paul Wouters
