[On request from Olaf, also dnsop is included:ed]
I think this discussion have derailed a bit, while on the other hand
explained somewhat to me what things are really creating problems.
We have a problem when a domain changes hands and the private DS key
in some way is changed, should be
-Original Message-
From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of
Subject: [DNSOP] Problems with DS change in registry/registrar environment
Is this summary at least partially correct?
Partially, yes.
I agree with you that there is no match between DNS
On 30 jun 2009, at 12.02, Antoin Verschuren wrote:
So let's not discuss the mixing up of roles like registrar,
registrants, dns-operators, etc.
The only reason they matter is because in practice:
Where have you got these numbers from?
-95% of registrar changes INVOLVE a change of DNS
On Tue, Jun 30, 2009 at 08:36:47AM +0200, Patrik Fältström wrote:
[On request from Olaf, also dnsop is included:ed]
hat dnsop co-chair
The discussion and input is very wolcome in DNSOP. For reasons related
to Note Well http://www.ietf.org/maillist.html we'll not be able to
routinely approve
Hi,
Just new in the dnsop wg tools page:
http://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history-00
This is the same version as draft-wijngaards-dnsext-trust-history-03,
but moved to the DNSOP wg. I would like to request adoption of the
document.
Why? I want to enable end users to use
On Tue, 30 Jun 2009, Patrik Fältström wrote:
A.3. Have the registry remove DS implicitly if domain is transferred to
registrar that does NOT handle DNSSEC.
My suggestion is that we look carefully on option A.3. This does not imply
any changes to any pieces of the protocol, deployed operation
In message list-17781...@execdsl.com, =?WINDOWS-1252?Q?Patrik_F=E4ltstr=F6m?=
writes:
On 30 jun 2009, at 12.02, Antoin Verschuren wrote:
So let's not discuss the mixing up of roles like registrar, =20
registrants, dns-operators, etc.
The only reason they matter is because in practice:
On Wed, 1 Jul 2009, Mark Andrews wrote:
Validators shouldn't have to refetch DS records to work
around a broken key rollover.
[ process where everyone co-operates and lives happilly and forever after ]
This is just not going to happen, and any modifications to the validators
In message 4a4a292d.20...@digsys.bg, Daniel Kalchev writes:
Mark Andrews wrote:
This is simultaneous roll of KSK and ZSK keys. You introduce
the keys the *same* way as you would with a single operator.
The new operator generates new keys. The are added to the