On 30/06/2011 23:33, George Barwood wrote:

> Is the earlier requirements draft from 2005 (linked above) substantially
> incomplete in some way?
>
> I think that would be a reasonable basis to measure, I would claim that the
> CDS record is capable of satisfying the requirements expressed there in a
> natural way.
>
> I also think the requirement is actually fairly clear - when implementing
> KSK rollover, you reach a point where it's clear that something is needed
> (other than asking the operator to start cutting and pasting / interfacing
> with some out-of-band system / whatever).
>
> I doubt another cycle of requirements would be productive - we might be here
> again in 6 years' time!

I think Olafur summarised it quite succinctly:

"So maybe we should be having a different discussion: Does DNSSEC obsolete updating NS and DS information via EPP/Web/Email ?"

If the answer is yes, then the CDS approach is certainly one to be looked at. The answer also suggests that we should be looking at an equivalent mechanism for updating NS (and possibly glue) information in the parent zone. Perhaps all can be done under a single framework?

If the answer is no, then along with publishing a mechanism for the automatic update of DS records, should we be providing guidance on when to use that and when to use EPP/Web/Email?

Don't get me wrong, I don't want any unnecessary delay. But if it turns out that what is being addressed is part of a larger problem, it's worth looking first to see if there is a general solution.

Stephen

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop