At 0:42 +0000 3/3/10, [email protected] wrote:
> hum... maybe I should be hounding Ed on this... but I think we should
> draw a bright line... we are (imho) talking about pushing DS records
> from child to parent. entirely w/in the purview of the DNS
> protocol/wg.
> for non-DNSprotocol players (registries/registrars/registrants) that use
> EPP or its variants for pushing DNS data around - that's not w/in scope.
> at least for this WG's consideration.

If you want to just get the DS from the child's servers to the
parent's machines, we already have queries/responses and can secure
that with TSIG or SIG(0). What is there to solve?
There's certainly a larger problem to solve though - and yes it's not
in the charter of this group.

At 12:34 +1100 3/3/10, Mark Andrews wrote:
> I recommend something that is UPDATE + TSIG like. The child's key manager
> component can send the updates.

With the concern about keeping key management separate from the
Internet, opening up the master server for across-the-'net dynamic
update to insert a DS record seems a bit counter-productive. This
certainly wouldn't fly for "large" TLDs, it might be applicable for
informal environments.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction.