On Mon, Jul 16, 2018, at 21:08, Martin Casanova wrote:
> To be clear the domain info response will be sent just without the
> DNSSec part. Therefore a not DNSSec interested registrar will just not
> see the DNSSec configuration but all the rest of the domain info
> resData. I don't see a problem with that.
Here is the problem as already exposed: you may have registrars that do not
want to deal
with DNSSEC on a philosophical principle. They may want to specifically not try
to
transfer a currently DNSSEC enabled domain to them, because they know it will
break
resolution and they do not want to handle the customer saying that they broke
the domain.
Besides using the DNS, in your case, this registrar has no way to know in
advance
that the transfer will be a problem. And I suspect telling them 'Please be
DNSSEC
accredited with us and login with secDNS extension' will fall on a deaf ear.
> In case he is DNSSec enabled but still logs in without this extension he
> will get a failure with error message similar to “Not allowed to
> transfer DNSSec Domain” when trying to transfer a DNSSec domain to him.
What happens for a non-DNSSEC enabled registrar (and hence not using secDNS on
login)
when he tries to transfer to him a DNSSEC-enabled domain?
Is this refused?
Also to leave the discussion on track, this DNSSEC part of domain:info response
was only
one example of the same problem ("unhandled namespaces") outside of the poll
messages,
because I think the problem is global and we should tackle it globally (or not
at all
and leave it at the current status quo).
--
Patrick Mevzek
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
