> On Apr 7, 2016, at 5:33 PM, John Levine <jo...@taugh.com> wrote:
>
>> We could have written
>> “After observing CDS records for 15 days or 2 resigning cycles, whichever is
>> longer, accept them and upload DS”
>> Is that better?
>> It sets expectations
>
> I think my users (the ones who know about DNSSEC) would not be happy
> to hear that their entirely valid signed zone won't be verifiable for
> two weeks, just because I am not as cool as some others are.
>
>> But there is the case where the Parent happens to know the operator of the domain and
>> via out-of-band knowledge can be
>> sure the domain is operated by that party. In this case the upload should not
>> suffer any delay.
>
> It needs to be stronger than that: define a small set of automatable
> ways (ideally just one) that the uncool child can verify its bona
> fides to the parent. It's fine for domains to opt out of them for
> security reasons, but in most cases where the registration is only
> secured by a password, it'll be fine.
>
>
> R's,
> John
John, does the challenge mode address your concerns? i.e. the parent gives the “uncool” operator something to insert into the zone to prove they can change the zone.

Olafur

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
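The two acceptance paths discussed in this thread, as an added example that is not part of the original messages or of any DNSOP draft: a parent that either waits the longer of 15 days and 2 resigning cycles before turning observed CDS records into DS, or skips the delay when the child has published a parent-issued challenge token. The `_cds-challenge` owner label, the HMAC token format and the in-memory zone stand-in for a validated DNS lookup are all assumptions made for this illustration.

```python
import hmac
import hashlib
import secrets
from datetime import datetime, timedelta

# Constructed stand-in for a DNSSEC-validated query against the child zone:
# maps (owner name, RR type) to a list of rdata strings.
def make_zone(records):
    return {(n.lower().rstrip("."), t): list(v) for (n, t), v in records.items()}

def lookup(zone, name, rrtype):
    return zone.get((name.lower().rstrip("."), rrtype), [])

def _token_mac(parent_secret: bytes, child: str, nonce: str) -> str:
    return hmac.new(parent_secret, f"{child}:{nonce}".encode(),
                    hashlib.sha256).hexdigest()[:32]

def issue_challenge(parent_secret: bytes, child: str, nonce: str = None) -> str:
    """Parent hands the child operator a token to publish. Binding the MAC to
    the child name lets the parent re-verify later without storing state."""
    nonce = nonce or secrets.token_hex(8)   # hypothetical token format
    return f"{nonce}.{_token_mac(parent_secret, child, nonce)}"

def challenge_satisfied(zone, parent_secret: bytes, child: str,
                        label: str = "_cds-challenge") -> bool:
    """True if the child publishes a TXT record carrying a valid token for it."""
    for txt in lookup(zone, f"{label}.{child}", "TXT"):
        nonce, _, mac = txt.partition(".")
        if mac and hmac.compare_digest(mac, _token_mac(parent_secret, child, nonce)):
            return True
    return False

def cds_accept_time(first_seen: datetime, resign_cycle: timedelta,
                    challenge_ok: bool, min_days: int = 15, cycles: int = 2) -> datetime:
    """Earliest time the parent uploads DS derived from the observed CDS records.
    A passed challenge removes the delay; otherwise wait the longer of min_days
    and `cycles` resigning cycles, the wording debated in the thread."""
    if challenge_ok:
        return first_seen
    return first_seen + max(timedelta(days=min_days), cycles * resign_cycle)

if __name__ == "__main__":
    secret = b"constructed-parent-secret"
    token = issue_challenge(secret, "example.test")
    zone = make_zone({("_cds-challenge.example.test.", "TXT"): [token]})
    seen = datetime(2016, 4, 7, 17, 33)
    ok = challenge_satisfied(zone, secret, "example.test")
    print("challenge passed:", ok)
    print("DS upload at:", cds_accept_time(seen, timedelta(days=10), ok))
```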