Session Date/Time: 19 Mar 2026 03:30
DCONN
IETF 125 Working Group Session Minutes
Summary
The DCONN working group met at IETF 125 to discuss progress on draft-ietf-dconn-domainconnect. The session focused on significant structural updates to the draft, the removal of non-protocol elements (such as UI/browser handling), and addressing open technical issues regarding the asynchronous flow, security flags, and document size. A key outcome of the meeting was the decision to split the document to separate the synchronous and asynchronous flows.
Key Discussion Points
Working Group Status and Draft Updates
Pavel Kowalik presented IETF 125 Kowalik Domain Connect, detailing changes in version 01 of draft-ietf-dconn-domainconnect.
- Structural Changes: The draft was reorganized for clarity, moving terminology, object definitions, and templates to the front.
- ABNF Grammars: Comprehensive ABNF grammars were added for protocol identifiers, domain names (including IDNs), and template parameters.
- Removals: Non-protocol elements, specifically browser UI handling (pop-ups, tabs) and informational text regarding SPF alternatives, were removed to focus on normative protocol behavior.
- Processing Algorithms: The draft now includes explicit algorithms for variable substitution and template application (tracking vs. non-tracking servers).
Asynchronous Apply Parameters
Pavel Kowalik raised an issue regarding the precedence of parameters in the asynchronous flow (POST requests).
- Proposal: Keep standard protocol parameters (domain, host, groups) in the query string for logging and auditability, while moving template-specific key-value parameters to the JSON body.
- Discussion: It was noted that this might be a breaking change for existing asynchronous integrations, though few such implementations currently exist. There were no strong objections in the room, and discussion will continue on the mailing list.
The warn_phishing Template Property
The group discussed whether to keep or remove the warn_phishing flag for unsigned templates.
- Option 1: Remove the flag; insecurity is implicit if the signature is missing.
- Option 2: Keep the flag but make it mandatory for unsigned templates to ensure backward compatibility.
- Discussion: Orie Steele, James Galvin, and Rick Wilhelm expressed a preference for Option 1, arguing that security should not be "graded" with sub-tags and that "insecure" should be the implicit default for unsigned content. Gavin Brown suggested keeping it only if strictly necessary for backward compatibility but defaulting it to true.
- Sense of the Room: There was strong support for Option 1 (removing the flag and making insecurity implicit).
Document Size and Splitting the Draft
The current draft has grown to over 80 pages. Pavel Kowalik proposed splitting the document.
- Proposal: Focus the core document on the Synchronous flow and move the Asynchronous flow (approximately 15 pages involving OAuth) to a separate Standards Track document.
- Discussion: James Galvin, Rick Wilhelm, and Arnt supported the split, noting that a shorter "core" document is more approachable for new implementers. Orie Steele supported the split provided that the synchronous portion remains functionally useful on its own.
- Sense of the Room: Strong consensus to split the draft.
IANA Registries for RR Types
Pavel Kowalik proposed creating an IANA registry for "fully specified" resource record (RR) types within Domain Connect templates to allow for future extensibility (e.g., virtual types like SPFM).
- Discussion: Rick Wilhelm noted the need to ensure harmony with existing IANA RR type registries. Orie Steele (via chat) suggested a "Specification Required" registry.
Decisions and Action Items
- Decision: The working group will proceed with splitting draft-ietf-dconn-domainconnect. The main draft will cover the Core/Synchronous flow, and a new draft will be created for the Asynchronous flow.
- Decision: The warn_phishing property will be removed from the template definition. Insecurity will be implicit for any unsigned template.
- Action (Editors): Update the draft to reflect the split and the removal of the warn_phishing property.
- Action (Chairs): Coordinate with the DNS Directorate for an early review once the split is implemented.
Next Steps
- Finalize the split of the draft into Synchronous and Asynchronous components.
- Close remaining GitHub issues based on session feedback.
- Request early review from the DNS Directorate.
- Assess the document's readiness for Working Group Last Call (WGLC) before the next meeting.