On Apr 19, 2013, at 15:02, Paul Wouters wrote:

> We don't need the CDS to do that. We already have EPP for that. We _are_
> trying to automate this. That's the whole point of CDS.

No, "we" don't. "I'm" a DNS service operator. "I'm" not a registrar. There is no EPP server that will accept a connection from us (if we had an EPP client.) Please remember that the entire world is not subject to ICANN requirements nor follows its advice. (This is not a slam on ICANN, their heart is in the right place. But they are not a monopoly.)

It's not "our" choice anyway. Imagine that I am serving a customer base that collectively has 10 delegations in each and every TLD out there. And some customers are just subdomains of an enterprise DNS set up. Think about that end of the connection.

Inasmuch as the Internet is not the Web...for DNS operators, CDS could fill a gap that is not currently addressed.

> That's fine. Don't publish CDS as a child, or ignore CDS as a parent.

How do my customers then get the DS from our servers to their registration systems (registrars with EPP or not)? The state of the art is cut and paste for most. Without a standard here, we are stuck with a lowest common denominator situation.

> If the KSK is compromised, they likely can redirect email too, so making
> a registry password reset is not that far off either.

This expression is an example of what I'm trying to fight. The IETF should not assume anything about how operators work. Seriously. I have to sound insulting, but does the IETF really think operators are idiots? This is why I'm so frustrated. We protect our businesses. For the most part, "things work." From what I see on these lists I'd think that all that operators ever do is fraught with peril and nothing is progressing.

I.e., don't assume that email is the only way we communicate. Don't assume registry passwords are protected one way or another...

Sorry - it's Friday. It's been a long week.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
You can leave a voice message at +1-571-434-5468

There are no answers - just tradeoffs, decisions, and responses.
