>>>>> "Stephane" == Stephane Bortzmeyer <[email protected]> writes: Stephane> I won't be in sunny British Columbia but I've read the drafts and I Stephane> have a philosophical question. You did not say clearly if the Stephane> delegated domain must be under an ISP's domain. If yes, it ties the Stephane> user to the ISP ("I've switched ISPs, use Stephane> <http://fridge.migault.free.fr/> and no longer Stephane> <http://fridge.migault.orange.fr/>"). If no, the ISP won't be able to Stephane> update the DNS delegation. IMHO, it would be a good idea to have a Stephane> high-level discussion of the service provided to the user, before Stephane> getting into protocol details.
This is an important concern, but given that 90% of residential
customers already have this problem with their email addresses, I do not
think it's a new issue. More clueful users have moved away from ISP
domains, and they will also do the same thing for their home networks.
So, we need to mandate those controls, and we need to think about
transition from one ISP to another, but the immense value of having
names automatically delegated from the ISP exceeds the pain of an
eventual switch.
Stephane> caches. Two possible solutions: have a very low TTL, or
Stephane> just say that
Stephane> it is the client's job to do rollovers properly (having two DS in
Stephane> parallel, etc). The second solution implies that the CPE includes
Stephane> rollover logic (like OpenDNSSEC does). DNSSEC in practice
Stephane> is hard and
Stephane> you may want to have two drafts, one without DNSSEC and
Stephane> one for DNSSEC
Stephane> gory details.
That's an interesting solution to the problem... "basic" and "secure" :-)
--
Michael Richardson <[email protected]>, Sandelman Software Works
pgpss1fTZLUmS.pgp
Description: PGP signature
_______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
