I noticed the -02 of this draft go by yesterday. It's a very rough version of a DNSSEC key record bootstrap design in which the operator of the delegated zone pokes the operator of the upper level zone using HTTP, which tells the upper level zone to import keys from the delegated zone's CDS and CDNSKEY records.
Is there much interest in this? On my tiny DNS server I have over 100 signed zones where I can't install the upper level DS records because I'm not the registrant, I'm just running their DNS. It would be nice to have a way to do that that scales better than walking each of the registrants through their registrars' DNSSEC update processes.
R's,
John