Olaf, I don't see something in the issue list about operational practices when transferring a zone between DNS operators. I would like to have this taken up in this document.

To elaborate a bit: What is the BCP when transferring a domain between registrars/dns-operators is something we are facing as a registry. The situation occurs where an old dns-operator does not want to expose his private key to a new operator or even the registrant, and let's be honest, a registrant normally does not even understand DNS, let alone DNSSEC.

One of the solutions could be to temporarily have 2 DS records at the parent, to accommodate data from the old registrar/dns-operator that is still present in caches, and remove the old DS record after some time when all the caches are updated. This will need a careful design of TTLs and expiration timers that should be mandated by the registry to their registrars so a registrant has a way to transfer domains between registrars without becoming insecure.

For us as a registry this is a major operational issue because we guarantee there is no registrar lock-in for any registrant when choosing its registrar.

Antoin Verschuren
Technical Policy Advisor
SIDN
Utrechtseweg 310
PO Box 5022
6802 EA Arnhem
The Netherlands
T +31 26 3525500
F +31 26 3525505
M +31 6 23368970
E [EMAIL PROTECTED]
W http://www.sidn.nl/

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Olaf Kolkman
> Sent: Saturday, November 15, 2008 10:28 PM
> To: Paul Hoffman
> Cc: [email protected]
> Subject: Re: [DNSOP] Proposals for specific changes in 4641bis
>
> On Sep 28, 2008, at 11:06 PM, Paul Hoffman wrote:
>
> > Of course, others might have additional changes they want. Olaf said
> > that he would consider the changes and possibly produce a first
> > draft of 4641bis before Minneapolis.
>
> I guess I owe the group a small update.
>
> A few things happened with respect to this.
>
> - I've created a version 00 draft that is content-wise equal to
>   RFC4641, except for the fact that errata are corrected. That would
>   make it possible to follow the history for the working group in a
>   fairly open and consistent way. I have not posted that draft because
>   it will only start to be useful when version 1 is posted.
>
>   However the work has been done and the XML can be found at:
>   https://www.nlnetlabs.nl/svn/rfc4641bis/tags/version-00/
>
> - I've created an SVN repository to keep track of things. For each open
>   issue I've created a file in the
>   https://www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/
>   directory. The plan is to keep an audit trail for those issues in
>   these files.
>
> So the framework for the work has been set up but no actual work has
> been done yet. I hope to find a bit more time for that in the next
> quarter.
>
> --Olaf

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
