On 3/2/2010 12:43 PM, Edward Lewis wrote:
> An omnibus reply.

A mini bus reply. :)

I've read through this thread and I generally agree with Ed's analysis.

Throwing in some more bullet points:
1. There MUST be an OOB (where the B is DNS) channel for initial zone
configuration, contact info changes, etc.
2. This channel already exists for Registrant/Admin/Billing/Technical
contact info, name servers, etc.
3. The existing elements of the channel that Antoin identified are all
familiar, and relatively comfortable with this channel, and get way more
stuff that flows through it right than they get wrong.
4. It's pretty easy to make the argument that DS records fit nicely into
that channel "like" NS records.
5. The very large number of misconfigured name servers out there now
argues strongly against considering DNS a "secure" channel.
6. There has to be an OOB mechanism for domain holders to enter DS key
data in any case to deal with emergencies, restarts, etc.

In my mind all of these points argue strongly against putting work into
this, even if the RRR channel was likely to adopt it, which I am
extremely skeptical about.


hth,

Doug

-- 

        ... and that's just a little bit of history repeating.
                        -- Propellerheads

        Improve the effectiveness of your Internet presence with
        a domain name makeover!    http://SupersetSolutions.com/

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
