-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Op 19-02-13 18:20, Jacques Latour schreef: > Another "what if scenario" for bypassing the EPP keyrelay with > automation, what if there was a CKEYRELAY record pointing to the > gaining DNS operator name servers, where the parent zone operator > can grab the new DS record to be pre-published prior DNS operator > transfer?
This does not work as there is no chain of trust yet to the gaining DNS operator. This proposal only works when changes are made that are in the current chain of trust with the current DNS operator. The challenge with EPP keyrelay is to get the key from the gaining dns operator delivered to the current operator so that it becomes a second chain of trust after it is inserted in the current delegated zone. - -- Antoin Verschuren Technical Policy Advisor SIDN Meander 501, PO Box 5022, 6802 EA Arnhem, The Netherlands P: +31 26 3525500 M: +31 6 23368970 Mailto: [email protected] XMPP: [email protected] HTTP://www.sidn.nl/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJRKzbZAAoJEDqHrM883Agn0pUIAMNWf9Zf61CHAquOAfx8bRia jK81GhCJVMlGgSPJIMddP+8vyFcKZcZZ9DxDiOypm46xCPNRwGTFi8TFjCTlocDj 3br/HlwklbyfPRie1BMvNt2T0VN1OfZIqpc9JLrHm+aI1gnRn7+O27WcY//8pTVb bcnOf6NN0ix1kVdgknQ2OaKXIj+onpJYbYkFp1YXsqL+kVTbiynYO7oWN+RQjeiL dT7c2tTBCQXNUR0b3NNodQAeuL67tFLyLBbK/bL9gKBZ2n37gVJCgGATGmsw/Ay/ ocD7F4wO0wSehSwLmUDW+Jlen+Ss6M2A5y6QNylqTS5MeO8hfttfuFKpwj8CwuI= =AXsW -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
