On Apr 23, 2013, at 10:44, Warren Kumari wrote:

> Unfortunately the whole point of the CDS draft is to allow rolling of keys
> without having to do the whole out-of-band thing.

What's really unfortunate is that the CDS record could be flexible enough to work with an out-of-band arrangement if the proposal is well-designed, but if the document insists on weaving in an in-band only arrangement, the idea will flail. Opportunity to be useful is lost.

> The problem statement is basically: "It is really annoying to have to go to
> my registrar (or whatever other parental relationship I have) and click
> through a whole bunch of screens to finally get to the place where I enter
> the DS. I'm ok to do this once or twice, but having to do it <blargh> times
> every <foo> sucks and so I just don't do it at all".

For zones that operate under a mandate of the ICANN-style shared registry model, you can't bypass the registrar. If this is something that a registrar will make use of to allow its customers to pass DS material to the parent, if there is not significant support from registrars then this will be a hollow proposal.

My challenge then is to see demonstrated support from the registrars and sufficient adoption that there's pay off. Or else we are wasting our time. I say that because it's been suggested that registrars would rather have registrants log in more often than less for other marketing reasons. (But I don't know, I'm just saying I've heard that.)

. . .

I see great potential in this proposal as the cornerstone of a general approach to the problem. Weighing it down by tying it to one use case or one set of operational assumptions will not only kill its payoff, the weight will kill off the ability to use the important bits and pieces in a more general approach. That is why I bother thinking about CDS at all.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

There are no answers - just tradeoffs, decisions, and responses.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
