On 2 Mar 2016, at 16:20, John R Levine wrote: >>> The other half are not usable with DNSSEC because there is no way for >>> me to install the DS -- I'm running the DNS for domains other people >>> have registered at other registrars, so those registrars won't talk to >>> me. >> >> ...and the people you talk with have not added you as a tech contact? > > It doesn't matter -- I don't have the password to log into their registrar > account.
Ok, my point was that a tech contact should have their own log in. It has in
the Frobbit system ;-)
>> But the registrars issue I, speaking as a registrar, will not be sorted out
>> before registries _also_ start to move to a harmonized management of DNSSEC.
>> Registrars make for example in Sweden about $1/domain name while the
>> registry charge $10/domain.
>
> This isn't just an issue for registrants and registrars; it's a problem
> wherever the operator of one zone delegates a subzone to someone else with
> whom they don't have a side channel to exchange the signing key.
100% agree.
But just to close this, I did not want to restart a discussion between the ones
that are more optimistic and less optimistic about DNSSEC or IPv6. I just
wanted to say that I personally for DNSSEC think we will not get forward
movement faster than software get the features by default so that one have to
turn off things to not use it. For that to happen, yes, many many things are
still to be resolved. For example side channel for the DS (which we have a
suggestion on how to implement, by publication of the key material in the zone
itself).
Glacier speed indeed...
paf
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
