On 2011-07-08, at 14:03, Stephen Morris wrote:

> If the answer is yes, then the CDS approach is certainly one to be
> looked at. The answer also suggests that we should be looking at an
> equivalent mechanism for updating NS (and possibly glue) information in
> the parent zone. Perhaps all can be done under a single framework?

If that's the direction we're looking in, then delegation scaffolding (NS and DS) seems like just the beginning; perhaps we need to consider the possibility of zone managers pushing signed registry ("whois") metadata from the DNS back into the registry as well. I'm not convinced that's sensible, but it seems helpful to find out how deep the rabbit hole goes if we want to properly scope the problem space.

A zone -> registry data flow might at least provide some incentive for DNSSEC deployment, if it represented a simplification for the registry interaction required by DNS service providers.

On the other hand, if this is in effect a short-cut between registry and registrant (or by the registrant's agent, in the case of third-party signing/hosting of zones) then we might discover that it's contractually infeasible for any gTLD registry to support.

> If the answer is no, then along with publishing a mechanism for the
> automatic update of DS records, should we be providing guidance on when
> to use that and when to use EPP/Web/Email?
>
> Don't get me wrong, I don't want any unnecessary delay. But if it turns
> out that what is being addressed is part of a larger problem, it's worth
> looking first to see if there is a general solution.

+1

Joe