On 18/02/2013 19:05, Stephan Lagerholm wrote:
Warren Kumari, Monday, February 18, 2013 4:36 PM:
Hi all,
This is a compilation of two earlier drafts, draft-barwood-dnsop-ds-publish
and draft-wkumari-dnsop-ezkeyroll.
The basic idea remains the same -- allow operators to publish new (and
standby) DS records at the parent by publishing them in their zone,
signed with their current key.
This new draft explains the problem a little better, and also that, in
the "registries shouldn't talk to registrars" model the registrar can
do the magic instead.
I support this effort and think it would be very useful. However, there
are a few areas that I think need additional work. I think you need to
better explain how old DS records are removed. Would it be possible to
make the 'going unsigned' method more granular so that you can use it to
specify individual DS records?
Stephan,
Basically the "parental agent" copies the contents of the CDS RRset
and replaces the existing DS set with the new one.
So if you want to delete a particular DS record you remove it from the
CDS set.
Going Unsigned is to delete all the DS records, no exceptions; we cannot
use "No CDS present", as the semantics of that state is no changes to
the current DS set.
Olafur
Thanks, Stephan
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop