Responding to a message at random ...

With respect to all of those who are involved and highly motivated in
this topic I continue to think that it is a solution in search of a
problem. The DNSKEY needs to be in the child zone, and we know that
parents have varying requirements for how they handle the DS record(s).
Further, it's not at all clear that the gTLD RRA framework is even going
to allow direct communication between the parent registry and the child
domain holder*.

What's actually missing is a signaling mechanism from the child to the
parent. It's not clear that DNS is able to provide this solution. But if
it turns out that it can, a more general mechanism would provide a lot
more utility (ROI) so the ability to handle DNSKEY and NS at least,
along with an extensible mechanism to handle what other records may come
down the pike which need to be coordinated between parent and child.

Doug

* Yes, I realize that there would be utility for child domains within
the same organization, but I don't think that the limited amount of
utility makes it worth the effort.
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop