Hello for the first time!
I'm a bit new to this IETF stuff, but a
long time "participant" in the world of DNS. I was pointed to this
list by a friend, and in reading some of the more recent threads I felt
compelled to jump in (I hope this sort of participation is copacetic).
On Tue, 9 Jul 2013, Dickson, Brian wrote:
>
> to a different set, tools are likely better than doing it manually. CDS
> addresses the DS/DNSKEY part, but leaves the NS part unchanged.
>
> It's a problem which I presume exists or might exist, which goes along
> with the CDS problem: how do you automate "X", where "X" is currently
> done via web form? ("Automate" might merely be "integrate into a
> provisioning
> system").
>
> I don't know if the problem actually exists, so until someone says,
> "Yeah, it is a problem", it is probably premature.
>
> You mean all the lame delegations in the world doesn't show an actual
> problem? I'm not sure I'm understanding you.
Why would this not be a problem? I feel that Paul seems exactly right. Losing
synchronization between the NS set and the crypto RRs (DS/DNSKEYs) seems like
an alarming prospect (if I read Mr. Dickson's response right). In other words,
"Yeah, it is a problem."
jl
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
