Hi Scott, Thank you for your suggestion. Before I include it, I'd like to fully understand it.
You pointed out that a) "A server MAY alter or override status values set by a client, subject to local server policies" (RFC 5731), b) automated DNSSEC delegation trust maintenance may well be part of a server policy. However, DNSSEC delegation trust maintenance does not alter EPP statuses. Rather, the recommendation (with which you said you agree) is to perform DS automation (that is, change DS RRsets, not EPP statuses) even when clientUpdateProhibited or serverUpdateProhibited is set. So, while I think both (a) and (b) are true, I'm not sure how (a) is relevant for DS automation. I might have missed your point -- can you please elaborate? Thanks, Peter On 1/27/26 17:13, Hollenbeck, Scott wrote:
The document is in good shape. Section 4 discusses "Registration Locks", and cites RFC 5731. I agree with the recommendations, but the analysis is missing a key point from Section 2.3 of 5731. As stated there: "A server MAY alter or override status values set by a client, subject to local server policies. The status of an object MAY change as a result of either a client-initiated transform command or an action performed by a server operator." Automated DNSSEC delegation trust maintenance may well be part of a server policy. These statements make it very clear that a server operator can override client-set status values subject to local server policies, and as such I think it would be helpful to note this text from 5731 in Section 4.2.2 of the draft. I also think it would be very helpful to add text that describes what a registry server operator should do if they perform an update that overrides a client-set status value. A server operator that supports EPP could notify a client using the message polling service described in Section 2.9.2.3 of RFC 5730. Perhaps something like this could be added as the last paragraph in Section 4.2.2: "Section 2.3 of RFC 5731 [RFC5731] explicitly notes that an EPP server operator may override status values set by a client, subject to local server policies. There is, however, a risk of confusion if the server operator performs actions that override the status values set by a client. This risk can be mitigated by informing the client of automated actions taken buy the server using the polling service described in Section 2.9.2.3 of RFC 5730 [RFC5730]." Scott _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
-- Like our community service? 💛 Please consider donating at https://desec.io/ deSEC e.V. Möckernstraße 74 10965 Berlin Germany Vorstandsvorsitz: Nils Wisiol Registergericht: AG Berlin (Charlottenburg) VR 37525 _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
