On 2013-03-13, at 12:26, Doug Barton <[email protected]> wrote:

> On 03/13/2013 07:45 AM, Joe Abley wrote:
>> 1. Because not all parents (by policy) construct DS records on behalf
>> of children;
>
> So how likely are those parents to utilize CDS records to auto-publish DS?
> Or, put more simply, Do we have any indication that registry operators will
> actually use this? I know that registries are not the only zone parents, but
> without some significant buy-in from them I think that regardless of the
> merits of this idea it may be of low utility.

I am not a lawyer, but I understand that some interpretations of public gTLD contracts would prohibit registries from exchanging registry data directly with registrants (registrants should deal with registrars). However, there's nothing to stop registrars making arrangements with their registrants to receive change requests via signed RRSets.

It may be that for gTLDs (and other TLDs in a similar situation), we don't need buy-in from lots of registries; we need buy-in from a registrar.

The question of how likely it is that anybody will implement this is difficult to answer without time travel capability. However, if there's no standardised mechanism, I think chances are good that nobody will implement anything.

>> 2. Because sometimes you want to publish DS RRs in your parent that
>> correspond to standby keys that are not published in the child.
>
> If the parents are actually using some method of accepting signals from the
> child to scrape the zone (whether CDS; actual scraping of NS, DNSKEY, etc.;
> or some other method) wouldn't that lower the barrier to entry for standby
> keys?

I don't understand the question. What does "lower the barrier to entry for standby keys" mean?

Joe
