Op donderdag 30-09-2010 om 16:39 uur [tijdzone +0100], schreef Stephen Morris: > > The working group adopted the draft last year but since then there has been > little discussion of it on the list. With DNSSEC at last looking as if it is > really starting to take off, this is a timely document. Please have a look > at it and give feedback.
We have used the draft dps framework to write down our DPS when we
introduced DNSSEC for .nl.
We are currently rewriting our DPS to include DS/DNSKEY submission into
our zone, and we encountered a missing comunity in the outline in
section 5. In our DPS, we are defining a dns-operator as an entity that
needs to be defined seperately from an administrative
registry/registrar/registrant definition as sugested in the outline. I
would strongly suggest to include a technical dns-operator definition in
the outline, so that section 3 of the outline will be:
1.3. Community and Applicability
1.3.1. Registry
1.3.2. Registrar
1.3.3. Registrant
1.3.4. Zone maintainer
1.3.5. Relying Party
1.3.6. Auditor
1.3.7. Applicability
We're still in discussion if we need to separate zone operator (only running
the DNS server infrastructure) and zone maintainer (who is able to change the
zone's content), or that we can come up with a definition that clearly defines
the entity that is controlling the access to the zone, and can insert RR's and
reload the zone when necessary for DNSSEC maintenance.
My personal opinion is that we need to define an entity that can
add/remove/change DNSKEY RR's and can push the button to resign the zone, and
when he does, can communicate that to the parent zone through registrar,
registrant, registry or any combination of those.
--
Antoin Verschuren
Technical Policy Advisor SIDN
Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands
P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970
mailto:[email protected] xmpp:[email protected]
http://www.sidn.nl/
signature.asc
Description: Dit berichtdeel is digitaal ondertekend
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
