Warren Kumari, Monday, February 18, 2013 4:36 PM: > Hi all, > > This is a compilation of two earlier drafts, draft-barwood-dnsop-ds- > publish and draft-wkumari-dnsop-ezkeyroll. > > The basic idea remains the same -- allow operators to publish new (and > standby) DS records at the parent by publishing them in their zone, > signed with their current key. > > This new draft explains the problem a little better, and also that, in > the "registries shouldn't talk to registrars" model the registrar can > do the magic instead.
I support this effort and think it would be very useful. However there are a few areas that I think needs additional work. I think you need to better explain how old DS records are removed. Would it be possible to make the 'going unsigned' method more granular so that you can use it to specify individual DS records? Thanks, Stephan _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
