----- Original Message ----- From: "Mark Andrews" <[email protected]> To: "Shane Kerr" <[email protected]> Cc: "Wolfgang Nagele" <[email protected]>; <[email protected]> Sent: Friday, July 02, 2010 4:42 AM Subject: Re: [DNSOP] Fwd: New Version Notificationfordraft-mekking-dnsop-auto-cpsync-00
[snip] >> I do think that George's approach only makes sense if some more work is >> done fleshing out the actual algorithm the parent uses. For example, >> what happens when some of the child name servers disagree? The algorithm >> need not be too complex, but the devil is in the details. > > So what's so hard about: > > nsupdate > key isc.org <secret> > update delete isc.org DS > update add isc.org 86400 DS ... > update add isc.org 86400 DS ... > send > > to update the DS's? This implies extra infrastructure to generate and securely transmit <secret> between the parent and child, and administrative activity to set this up somehow. The publication method does not imply any administrative action other than updating the DNS software and activating the DNSSEC feature. - George _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
