Hello,
I've recently come across a case in the context of CDS/CDNSKEY and I'm
unsure what is the best/correct way to handle the situation.
CDS/CDNSKEY records are meant to notify the registry about a change in
the DS/DNSKEY records, similar to sending an EPP request.
What should the registry do, if
1. the serverUpdateProhibited EPP state is set?
2. the clientUpdateProhibited EPP state is set?
I tend to say that in Case 1, the domain may not be changed at all and
as a consequence CDS/CDNSKEYs should be ignored.
For Case 2 my preference is that this is only a kind of safeguard
against unintended changes by the registrar, and the DNSSEC update is
most likely intended and should go through. Furthermore, some registrars
might set this state regularly, which would then take away the
registrant's possibility to roll over their DNSKEY. This most likely is
not intended.
However, one could of course argue: update prohibited means update
prohibited, and as long as that state is set, no changes (other than
removing this state) should be possible.
What do others think about these cases?
Cheers,
Michael
--
____________________________________________________________________
| |
| knipp | Knipp Medien und Kommunikation GmbH
------- Technologiepark
Martin-Schmeisser-Weg 9
44227 Dortmund
Germany
Dipl.-Informatiker Fon: +49 231 9703-0
Fax: +49 231 9703-200
Dr. Michael Bauland SIP: [email protected]
Software Development E-mail: [email protected]
Register Court:
Amtsgericht Dortmund, HRB 13728
Chief Executive Officers:
Dietmar Knipp, Elmar Knipp
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
