Vernon Registrars are commercial entities. We support products / services for which there is a commercial demand.
Regards Michele Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 14 Jul 2012, at 19:28, "Vernon Schryver" <v...@rhyolite.com> wrote: >> they handled the DS submission via email > > There seem to be more than one registrar that claims to handle DNSSEC > via mail. Never mind security questions such as whether or how (e.g. > PGP vs. S/MIME) that mail is signed or there are other protections > against bad guy games. RFC 4641 suggests "planning for a key effectivity > on the order of a few months" for key signing keys. Negotiating with > a registrar's support mailbox every few months or even once every year > or two strikes me as at best impractical in a professional operational > (as opposed to vanity domain or test) setting. And what happens in an > emergency key rollover after you suspect that the computer with the > secret keys has been compromised or a less than amicable trusted > employee departure? As far as I'm concerned, the years old registar > answer to the "DNSSEC?" question of "send mail to support" is a > disingenuous effort to pass checklists. > > I don't understand why registrars are dragging their feet. To my > naive ears, transfer locking, "privacy guard", HTTP and mail > forwarding, and other de facto standard registrar services sound > harder than accepting and signing keys. But then I also don't > understand why it took them so long to start handling IPv6 glue. > > > Vernon Schryver v...@rhyolite.com > > P.S. Of course, given men in the middle and so forth, the HTTPS web > pages used by registrars to change NS and glue records are not very > secure...except compared to unauthenticated, trivially forged mail. > _______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
