<hat wg-co-chair=on>
Is there anyone who would vehemently object to allowing EPP to support both record types and letting the users decide?
</hat>
I might, which is why I raised the question. As far as I can tell, DNSOP is the best place to reach "the users" which is why the question came here.
There are two reasons why I *might* object to having the DNSKEY option.
One is that it represents more complexity in the implementations than the "DS alone" option - implementations of EPP and registry/registrar application code.
The other is that the DNSKEY option needs some work in hammering out the document - e.g., what does the RRSIG cover? (Maybe the RRSIG isn't important to have?)
I am asking if there is a real situation in which the exchange of the DNSKEY can work and the DS key cannot work.
Marcos raised the points made in the IDN in EPP BOF. The temperature of that room was that there isn't a need to attempt to define one "true" path to IDN. The reason is that different registries were operating under different sets of incompatible requirements and that the chance of a unified technical approach was unlikely. Additionally, EPP would support multiple extensions to do this.
During the tail end of EPP work, there was a last minute addition to allow privacy to be "processed" at the client or the server - not just at the server. This was in response to an AD comment for more operational flexibility.
As far as -epp-secdns- I don't know of dissimilar, incompatible sets of requirements that would need two different approaches. 'Course, no one has mandated even one set of requirements either. ;)
Since "I don't know" - I'm asking. If we can eliminate the DNSKEY option, -epp-secdns- will move along a lot faster and toolkits will appear faster.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
I would have been at the meeting, but I was busy raking the leaves from the (now) empty non-terminals in my yard. . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
