> From: Jay Daley [mailto:j...@nzrs.net.nz]
> Sent: Wednesday, March 03, 2010 1:54 PM
> To: Stephan Lagerholm
> Cc: Alex Bligh; Jaap Akkerhuis; matth...@nlnetlabs.nl;
> bmann...@vacation.karoshi.com; Edward Lewis; Wolfgang Nagele;
> dnsop@ietf.org
> Subject: Re: [DNSOP] automatic update of DS records
>
> On 4/03/2010, at 8:27 AM, Stephan Lagerholm wrote:
>
> > Bad idea, what happens when one customer would like to move his domain
> > from your name server to another name server. Do you give him your
> > mega-key or do you tell him to break his chain of trust during the move?
>
> If those were the only two choices then that would be a disaster. Luckily
> we have choice 3 - sign and publish his new keys to enable rollover
>
Correct, but I have a hard time seeing that the losing registrar would be that helpful. It is more realistic to think that they could provide access to the private key for their hosted customer. And in that case the key cannot be shared among customers.

/S

----------------------------------------------------------------------
Stephan Lagerholm
Senior DNS Architect, M.Sc., CISSP
Secure64 Software Corporation, www.secure64.com
Cell: 469-834-3940

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop