On Fri, Mar 30, 2018 at 1:47 AM, Yoshiro YONEYA <yoshiro.yon...@jprs.co.jp> wrote:
> Hi Shumon, > > Thank you for starting good document. > I think this document is also useful for DNS provider transfer (or > Registrar transfer) without causing DNSSEC insecure state. Good > thing is that this document doesn't depend on EPP (can be used with > TLDs who doesn't employing EPP). Thanks! Yes, I agree. Although the main goal of the document is to describe a steady state configuration involving multiple signing operators, the key management methods described can also aid non-disruptive transfer of operation from one provider to another. I already had on my TODO list to eventually add a section on provider migration, but I haven't gotten there yet. Regarding EPP, a zone owner deploying one of the multi provider models may have to use EPP for bootstrapping the DS RRset contents, if the zone in question is an SLD and they are under a TLD that uses or requires it. But as you say, not all TLDs use EPP, and the document doesn't express a point of view or requirement on this topic. For the managed DNS providers themselves, we simply say that they need to provide some sort of API for ZSK or DNSKEY import. In theory that could be EPP, but more commonly is some sort of REST/Web based API. It could also be UPDATE I suppose if they supported it. Shumon.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
