Re: [DNSOP] automatic update of DS records

Tue, 02 Mar 2010 10:09:24 -0800 

At Tue, 2 Mar 2010 16:53:53 +0100, Antoin Verschuren wrote:

> The path is usualy even more complicated.
> I've identified this stream of contractual relationships in a
> registration process:
>
> registry-registrar-reseller-registrant-dns_operator
>
> (some roles may be duplicated or absent, some market players
>  may perform 2 or more roles at once, ...
> ...

Don't we talk about pushing the information from the child
to the parent?
So there's one more logical entity involved; most likely this way:

 vvvvvvvvvvvvvvv                                       vvvvvvvvvvvvv
 dns_op(parent)-registry-registrar-reseller-registrant-dns_op(child)

The dns_op(child) might alternatively have a direct contractual
relationship with the reseller, registrar, or even registry instead
-- depending on business model, regulation, location in the DNS tree,
etc.
Many of {registrant, reseller, registrar} will not be interested
in tracing or even seeing the DNSSEC 'anchor' data passing by,
or might not even be on the administrative path "naturally"
being taken by the data (in the alternative cases).
The only party doubtlessly interested in such seems to be the
responsible for the parent zone content, i.e. the registry.

But that does not exclude a priori direct in-band communication
between dns_op(child) and dns_op(parent), with a 'gating' function
located at the registry for the actual updates at the parent
(similar to the way how NTIA acts on the root zone).

Thus one _possible_ communication model might be:

 dns_op(parent) registry registrar reseller registrant dns_op(child)
    ^    \_<_b_>__/                                         |
    |                        a                              |
    `-------------------------------------------------------'

o   a could be in-band with good authentication and integrity protection
    (or RFC 1149/2549, if needed/preferred),

o   b could be EPP (+ suitable extension); and

o   the workflow management within dns_op(parent) is a local matter.


Kind regards,
  Alfred.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  a...@tr-sys.de                     |
+------------------------+--------------------------------------------+

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to