Nothing in the HTTP spec prevents DELETE from carrying a request entity but it states:
The DELETE method requests that the origin server delete the resource identified by the Request-URI.
So your idea to use two query parameters sounds like the best option to me.