On 4/03/2010, at 8:50 AM, Stephan Lagerholm wrote:

> Correct, but I have a hard time seeing that the losing registrar would
> be that helpful. It is more realistic to think that they could provide
> access to the private key for their hosted customer. And in that case
> the key cannot be shared among customers.
On what basis do you think they would be unwilling to enable a rollover but willing to divulge a private key?

Consider the tradeoff a DNS provider might make:

Option 1.
- a set of keys per customer to manage (scale issues)
- divulge private key
- can immediately shut down zone on transfer away (though that too causes problems)

Option 2.
- only one set of keys per signing infrastructure (probably per server)
- automated key rollover
- must maintain zone for a period after transfer to ensure continuity

I know which one seems like less work to me.

cheers
Jay

> /S
> ----------------------------------------------------------------------
> Stephan Lagerholm
> Senior DNS Architect, M.Sc., CISSP
> Secure64 Software Corporation, www.secure64.com
> Cell: 469-834-3940

--
Jay Daley
Chief Executive
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 931 6977
mobile: +64 21 678840

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
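Option 2 above hinges on the losing operator keeping the signed zone up while resolver caches drain. The model below is added here as an illustration and is not code from the thread or from either company; it assumes constructed TTLs, key labels ('L' and 'G' for the losing and gaining operator's KSK) and an example timeline, and it reports the first moment at which some combination of cached DS, cached delegation and cached DNSKEY RRset would lose its chain of trust. A second timeline, in which the losing operator drops the zone at the moment of transfer (the Option 1 behaviour), shows where continuity breaks.

```python
# Constructed model of a DNSSEC operator change (losing signer L -> gaining signer G).
# Only the KSK/DS level is modelled (which DS, which signed DNSKEY RRset a validating
# resolver could still be holding at time t); ZSKs and data RRSIGs are left out.
# Key names, TTLs and the timeline are assumptions, not real zone data.
H = 3600
DS_TTL, NS_TTL, DNSKEY_TTL = 2 * H, H // 2, H // 6   # constructed TTLs (seconds)

def cacheable(timeline, t, ttl):
    """Every value of a record some cache may still hold at time t: whatever was
    current at any instant in [t - ttl, t].  timeline = sorted (time, value) pairs."""
    older = [v for when, v in timeline if when <= t - ttl]       # in force at t - ttl
    window = [v for when, v in timeline if t - ttl < when <= t]  # published since then
    return older[-1:] + window

def first_break(ds_tl, ns_tl, served, horizon, step=H):
    """Walk the transfer; return the first sampled time at which some resolver
    (any mix of cached DS, cached NS, cached DNSKEY RRset) cannot build a chain
    of trust, or None if continuity holds for the whole horizon."""
    for t in range(0, horizon + 1, step):
        for ds in cacheable(ds_tl, t, DS_TTL):
            for op in cacheable(ns_tl, t, NS_TTL):
                for rrset in cacheable(served[op], t, DNSKEY_TTL):
                    if rrset is None:          # that operator no longer serves the zone
                        return t
                    keys, signers = rrset
                    if not (ds & keys & signers):  # no DS matches a key that signed DNSKEY
                        return t
    return None

# Cooperating (Option 2 style) transfer: L pre-publishes G's KSK, parent adds G's DS,
# NS moves only after a DS TTL, L keeps serving until the old DS has expired everywhere.
DS = [(0, {"L"}), (3 * H, {"L", "G"}), (8 * H, {"G"})]
NS = [(0, "L"), (5 * H, "G")]
SERVED = {   # per operator: (DNSKEY RRset contents, keys that signed it) or None
    "L": [(0, ({"L"}, {"L"})), (2 * H, ({"L", "G"}, {"L"})), (10 * H, None)],
    "G": [(0, None), (4 * H, ({"L", "G"}, {"G"})), (12 * H, ({"G"}, {"G"}))],
}
# Same key plan, but the losing operator shuts the zone down at the NS switch.
SERVED_SHUTDOWN = dict(SERVED, L=SERVED["L"][:2] + [(5 * H, None)])

if __name__ == "__main__":
    print("cooperating transfer breaks at:", first_break(DS, NS, SERVED, 13 * H))
    print("shutdown at transfer breaks at:", first_break(DS, NS, SERVED_SHUTDOWN, 13 * H))
```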