>get confirmation is to query the parent zone. So how would the parent
>"send a notification requesting a confirmation" (section 3.2) or
>"instruct the requestor to insert some record into the child domain"
>(section 3.4)?

That part definitely needs to be finished.  There are a lot of us
small DNS providers and while I don't care what the mechanism is,
there needs to be some way to do automated signalling back and forth
that doesn't depend on the parent already knowing and trusting the
entity that runs the child zone.

>It could use the same CDS approach and put it in some new resource
>records in the parent zone (just stick it in the DNS ;)).

Sure, give or take ensuring it doesn't run fatally afoul of ICANN
rules about what can go in TLD zones.  (The rules can likely be
changed, but if that's what we need, there has to be a plan.)

>- Nit: The abstract gives the reader the feeling that initial trust is a
>very hard problem, but then section 1.2 says it can be easily solved
>with some simplifying assumptions :) Perhaps you meant to say that it is
>hard to solve technically unless some reasonable policies can be assumed.

I think the assumptions were that there's a handful of large
trustworthy DNS providers, which is true, but not an assumption we
small trustworthy DNS providers like.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
