Edward Lewis <[email protected]> writes:
> My response is that the CDS should not automatically cause a change to the
> DS, just marshall the data.
>
> I am pushing to rely on a second factor (the security over the c&c
> channel to the parent) to verify the request.

Nothing is preventing that from happening too. I.e., there is nothing in
the existing document that prevents a registrar or other parent from
putting this on their webpage:

  Update the DS record when (pick one):
  [ ] Ever a properly signed CDS record exists
  [ ] Ever a properly signed CDS record exists and I click an OK button here
  [ ] Never. I enjoy the ctrl-v experience.

There is still no point in mandating that an auto-accept can't happen
for those that want to. There is no point in pushing that option into
the spec itself; the parent already has a database of options the child
wants. The parent already has the ability to require a user to push an
OK button if it wants it. So does the child (assuming the parent has a
radio-dialog as indicated above).

There is nothing preventing a CDS record from doing both automated
marshaling and accept *or* just automated marshaling.

--
Wes Hardaker
SPARTA, Inc.