On Mar 3, 2010, at 7:50 PM, Stephan Lagerholm wrote:
From: Jay Daley [mailto:[email protected]]
Sent: Wednesday, March 03, 2010 1:54 PM
To: Stephan Lagerholm
Cc: Alex Bligh; Jaap Akkerhuis; [email protected];
[email protected]; Edward Lewis; Wolfgang Nagele;
[email protected]
Subject: Re: [DNSOP] automatic update of DS records
On 4/03/2010, at 8:27 AM, Stephan Lagerholm wrote:
Bad idea, what happens when one customer would like to move his domain
from your name server to another name server. Do you give him your
mega-key or do you tell him to break his chain of trust during the
move?

If those were the only two choices then that would be a disaster.
Luckily we have choice 3 - sign and publish his new keys to enable
rollover

Correct, but I have a hard time seeing that the losing registrar would
be that helpful. It is more realistic to think that they could provide
access to the private key for their hosted customer. And in that case
the key cannot be shared among customers.

I agree the losing registrar is unlikely to be much help. However,
that is something that the registrant needs to know when selecting
their registrar. Maybe some documentation providing advice to
registrants would be useful? I am not sure at what level this would
work. I suspect TLD operators might be best positioned to write this
kind of advice for registrants using their TLD.

John Dickinson
Sinodun Internet Technologies Ltd.
Stables 4, Suite 11
c/o HR Wallingford,
Howbery Park,
Wallingford,
Oxfordshire,
OX10 8BA,
U.K.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop