From e32ca134a2956b0de62282c17db782e54af7e3cb Mon Sep 17 00:00:00 2001 From: Ugur Cekmez Date: Mon, 1 Jun 2026 21:14:51 +0300 Subject: [PATCH] docs(spec): align the DNS-TXT discovery example with the implemented format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit §12.5 documented the record as `v=EEP1 did=` (space-separated, uppercase version, `did=` key), but the manifest schema (`discovery_hints.dns_txt_record`) and the reference parser (`@eep-dev/discovery` parseDnsTxtRecord) implement and test `v=eep1; manifest=`. The spec's own example was therefore rejected by the reference parser. Rewrite §12.5 to use the implemented, tested format and note the DID is resolved from the manifest. Surfaced by the EEP protocol audit (finding dns-txt-three-incompatible-formats). Co-Authored-By: Claude Opus 4.8 (1M context) Signed-off-by: Ugur Cekmez --- docs/current/SPECIFICATION.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/current/SPECIFICATION.md b/docs/current/SPECIFICATION.md index 5375599..1d429f7 100644 --- a/docs/current/SPECIFICATION.md +++ b/docs/current/SPECIFICATION.md @@ -1642,13 +1642,13 @@ The following fields are available in `eep.json` in addition to those defined in ## §12.5 DNS TXT Record Discovery (G20) -Agents MAY verify that a domain is a legitimate EEP participant by checking its DNS TXT record: +Agents MAY discover a domain's EEP manifest by checking its DNS TXT record at `_eep.`: ``` -_eep.publisher.example. IN TXT "v=EEP1 did=did:web:publisher.example" +_eep.publisher.example. IN TXT "v=eep1; manifest=https://publisher.example/.well-known/eep.json" ``` -**Format:** `v=EEP1 did=`. Agents SHOULD treat absence of this record as a trust signal downgrade but MUST NOT treat it as an outright rejection (DNS deployment takes time). +**Format:** `v=eep1; manifest=` — a version token (`eep1`) and `;`-separated `key=value` pairs; the `manifest` URL MUST be HTTPS. This is the format encoded by the manifest schema's `discovery_hints.dns_txt_record` field and parsed by the reference implementation (`@eep-dev/discovery` `parseDnsTxtRecord`); the publisher's DID is resolved from the manifest it points to. Agents SHOULD treat absence of this record as a trust-signal downgrade but MUST NOT treat it as an outright rejection (DNS deployment takes time). ---