On 4/03/2010, at 8:27 AM, Stephan Lagerholm wrote:

> Bad idea, what happens when one customer would like to move his domain
> from your name server to another name server. Do you give him your
> mega-key or do you tell him to break his chain of trust during the move?

If those were the only two choices then that would be a disaster. Luckily we have choice 3 - sign and publish his new keys to enable rollover.

*Any* move from one DNS provider to another, where the DNS provider controls the key, means one of these three things:

1. DNS provider supplies the key
2. DNS provider cooperates in key rollover
3. break in chain of trust

2 is just as easy to automate as anything else.

cheers
Jay

>
> /S
> ----------------------------------------------------------------------
> Stephan Lagerholm
> Senior DNS Architect, M.Sc. ,CISSP
> Secure64 Software Corporation, www.secure64.com
> Cell: 469-834-3940
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

--
Jay Daley
Chief Executive
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 931 6977
mobile: +64 21 678840
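
The difference between outcomes 2 and 3 in the message above, as an added example that is not part of the original thread: a simplified Python model of which resolver cache states still validate while a zone moves between providers. The key labels, one key per provider, the new provider also listing the old key, and the parent listing a DS for both keys during the overlap are all assumptions of this model.

```python
from itertools import product

def validates(ds, dnskey_rrset, answer_signer):
    """Simplified DNSSEC check: trust flows DS -> DNSKEY RRset -> answer."""
    keys, rrset_signer = dnskey_rrset
    # The DNSKEY RRset must be signed by a key that a DS at the parent vouches for.
    anchored = rrset_signer in ds and rrset_signer in keys
    # The answer must be signed by a key listed in that validated RRset.
    return anchored and answer_signer in keys

def broken_states(cooperate):
    """Return every (DS, DNSKEY source, answer source) mix that fails to validate."""
    old_key, new_key = "key-old", "key-new"   # constructed key labels
    if cooperate:
        # Outcome 2: the old provider signs and publishes the new key.
        # Model assumptions: the new provider lists the old key as well, and
        # the parent carries a DS for both keys during the overlap.
        published = {old_key, new_key}
        rrsets = {"old": (published, old_key), "new": (published, new_key)}
        ds_states = [{old_key, new_key}]
    else:
        # Outcome 3: each provider publishes only its own key; DS flips at the move.
        rrsets = {"old": ({old_key}, old_key), "new": ({new_key}, new_key)}
        ds_states = [{old_key}, {new_key}]
    signer = {"old": old_key, "new": new_key}
    failures = []
    # A resolver mid-move can hold any mix of cached and freshly fetched data.
    for ds, key_src, ans_src in product(ds_states, rrsets, rrsets):
        if not validates(ds, rrsets[key_src], signer[ans_src]):
            failures.append((sorted(ds), key_src, ans_src))
    return failures

if __name__ == "__main__":
    for mode in (False, True):
        bad = broken_states(mode)
        print(f"cooperate={mode}: {len(bad)} failing cache states")
        for state in bad:
            print("   DS=%s, DNSKEY from %s provider, answer from %s provider" % state)
```
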