by elliottinvent 1135 days ago
> This seems like a nice option to have, and I appreciate the thought put into it.

I really appreciate this comment, thanks.

> Personally I think I'd prefer to decouple my email / phone / etc from the ownership of some credential / identifier

I was expecting a lot more of the HN crowd to say this and I understand it. I think technical people who find DNS TXT trivial could prefer the extra layer – creating a new record for each service provider (btw, you could still do that by specifying a provider in the Domain Verification record).

Ideally this solution would help those that hit friction (or insurmountable problems) creating DNS TXT records, because the records would be set up simply through the Domain Registrar.

> If the Domain Verification spec required everything to render down to a single email address or phone number or whatever, it feels like it adds potentially complicated questions to how do you distill AWS access down to an email address or phone number?

It doesn't. You can have as many Domain Verification records as you like, each with different permissions and expiry dates.

> It just feels like the actual service validating the DNS info is potentially taking on a lot of responsibility / complexity with implementation.

Implementation is incredibly simple – once email verification is dealt with, you could do it in 5-10 lines of code (hash, DNS query, parse record).

I agree that service providers could consider it an increase in responsibility but I think that's a trade-off with better onboarding.
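
The three steps named in the comment above (hash, DNS query, parse record), as an added example that is not part of the original comment or of the Domain Verification spec. The record name layout, the `v`/`e`/`s` tags and the `lookup_txt` callable are assumptions made for illustration, and the DNS query is replaced by a constructed in-memory zone so the block runs offline.

```python
import hashlib
from datetime import date

# Assumed layout for illustration (not from the comment or the spec):
#   name : <first 32 hex chars of sha256(email)>._dv.<domain>
#   value: "v=dv1;e=<expiry YYYY-MM-DD>;s=<provider or *>"
def record_name(email, domain):
    digest = hashlib.sha256(email.strip().lower().encode()).hexdigest()
    return f"{digest[:32]}._dv.{domain.lower().rstrip('.')}"

def parse_record(txt):
    """Return the tag dict, or None when the record is malformed."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.strip().partition("=")
        if not sep or not key or key in tags:  # reject duplicate or bare tags
            return None
        tags[key] = value.strip()
    return tags if tags.get("v") == "dv1" else None

def is_verified(email, domain, provider, lookup_txt, today):
    """True only if a well-formed, unexpired record covers this provider."""
    for txt in lookup_txt(record_name(email, domain)):
        tags = parse_record(txt)
        if tags is None:
            continue
        try:
            expiry = date.fromisoformat(tags.get("e", ""))
        except ValueError:  # missing or unparsable expiry fails closed
            continue
        if expiry >= today and tags.get("s") in ("*", provider):
            return True
    return False

# Constructed sample zone standing in for the DNS TXT query.
TODAY = date(2024, 1, 15)
SAMPLE_ZONE = {
    record_name("admin@example.com", "example.com"): [
        "v=dv1;e=2023-06-01;s=*",               # expired, any provider
        "v=dv1;e=2025-01-01;s=search.example",  # live, one provider only
    ],
    record_name("bad@example.com", "example.com"): ["v=dv1;e=never;s=*"],
}

def sample_lookup(name):
    return SAMPLE_ZONE.get(name, [])
```

A service provider would call `is_verified` only after confirming the user controls the email address, and would pass a real TXT resolver as `lookup_txt`.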