On Apr 19, 2013, at 15:02, Paul Wouters wrote:
> 
> We don't need the CDS to do that. We already have EPP for that. We _are_
> trying to automate this. That's the whole point of CDS.

No, "we" don't.  "I'm" a DNS service operator.  "I'm" not a registrar.  There 
is no EPP server that will accept a connection from us (if we had an EPP 
client.)

Please remember that the entire world is not subject to ICANN requirements nor 
follows its advice.  (This is not a slam on ICANN, their heart is in the right 
place.  But they are not a monopoly.)  It's not "our" choice anyway.  Imagine 
that I am serving a customer base that collectively has 10 delegations in each 
and every TLD out there.  And some customers are just subdomains of an 
enterprise DNS set up.  Think about that end of the connection.

Inasmuch as the Internet is not the Web...for DNS operators, CDS could fill 
a gap that is not currently addressed.

> That's fine. Don't publish CDS as a child, or ignore CDS as a parent.

How do my customers then get the DS from our servers to their registration 
systems (registrars with EPP or not)?  The state of the art is cut and paste 
for most.  Without a standard here, we are stuck with a lowest common 
denominator situation.

> If the KSK is compromised, they likely can redirect email too, so making
> a registry password reset is not that far off either.


This expression is an example of what I'm trying to fight.  The IETF should not 
assume anything about how operators work.  Seriously.

I have to sound insulting, but does the IETF really think operators are idiots? 
This is why I'm so frustrated.  We protect our businesses.  For the most part, 
"things work."  From what I see on these lists I'd think that all that 
operators ever do is fraught with peril and nothing is progressing.  I.e., 
don't assume that email is the only way we communicate.  Don't assume registry 
passwords are protected one way or another...

Sorry - it's Friday.  It's been a long week.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis             
NeuStar                    You can leave a voice message at +1-571-434-5468

There are no answers - just tradeoffs, decisions, and responses.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
