-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > -----Original Message----- > From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of > Edward Lewis > Subject: Re: [DNSOP] automatic update of DS records > > For registries that deal exclusively with registrars, the > registrant's DNS operator has to know how to get the DS to the > registrar (who in turn will use some other protocol to reach the > registry).
The path is usualy even more complicated. I've identified this stream of contractual relationships in a registration process: registry-registrar-reseller-registrant-dns_operator (some roles may be duplicated or absent, some market players may perform 2 or more roles at once, but this is their contractual relationship) > Unfortunately, I doubt that many registrars will be at the IETF. > (Maybe they will be.) This means we might not get the word out to > those who should help shape the requirements for this. The question is whether we need to follow this administrative path. Queries don't follow this administrative path. DNSSEC validation doesn't follow this administrative path. So why should DS_updates follow this administrative path ? NS updates (technical information) -at this moment- only follow this administrative path because of a lack of a different secure channel. If there was a secure channel between child and parent (like with DNSSEC), then none of the administrative channels would need to process NS updates or other technical updates. The only thing where we still need the administrative channel is for: - -administrative updates, ownership, contractual relations, everything not DNS. - -Bootstrapping (the first NS and DS set sent to the registry) - -Emergency error resolution I believe that the administrative channel is not waiting to process NS, DS or other technical updates. It does not bring them money, it costs them money, and there is a strict QOS to be met. Some players in the administrative path (pure resellers, pure registrants) are not even capable or knowledgeable enough to process this technical information. There is in fact more customers to be lost when you do it wrong, than can be gained by doing it right. Automate it. Over DNS. Antoin Verschuren Technical Policy Advisor SIDN Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970 mailto:antoin.verschu...@sidn.nl xmpp:ant...@jabber.sidn.nl http://www.sidn.nl/ -----BEGIN PGP SIGNATURE----- Version: 9.6.3 (Build 3017) wsBVAwUBS400kTqHrM883AgnAQjHoQgApXIX6vnEgGZ9OyLFKMPKAckWlwuhtx+J dhV6Hy9gB14Dbroi9GfB/M2ZhgG2PSWdHaIrBMl0okW70eGpJGlEBiq36UPoVeUJ eeWoInSRxNNgxFIR4Ciioy+w2YOagH+cXe0UjqYwXErcGC6kDNta5WrdDoU50AfI nXtUek+hFn04iAsS71uSdAy9jQR20KAh4tjphJiZMH09T1JTYbIKgKzSzTwJjBB/ Muzs58UVbYbbsHqW88PPhPrW9i2zV5L77Y7Fdlgm4STWc2hi00hjlcnLO8+PC0Mg AAfotRsup3RQz0Il7by2ZzP3r2RGfRjrBtiok3JhogJkm0VSsGnQuA== =qbGi -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
