On Sun, Jun 11, 2023 at 8:09 PM Paul Wouters <p...@nohats.ca> wrote:

>
> On Jun 10, 2023, at 15:42, Tim Wicinski <tjw.i...@gmail.com> wrote:
> >
> > 
> > All
> >
> > The chairs have been looking at two different drafts discussing the use of using DNS NOTIFY to update DNSSEC information.
>
> Interesting, as the reason for using CDS et al. was because TLD operators
> didn’t want to receive and process NOTIFYs. Has this changed?
>
> Related also the infamous “triggers vs timers”, where most TLDs didn’t
> want triggers. Has this changed?
>
> > We have some questions for the WG - if DNSOP adopted one of these, would DNS server vendors implement it down the road? (We think so)
>
> I don’t think that’s the right question. What do TLD operators want?
>

What has changed is the start of some Registrars taking on the role of
"agent" for Registrants doing DNSSEC.
This mostly applies to CDS/CDNSKEY but might eventually also encompass some
or all of CSYNC (modulo perhaps the update(s) being DNSSEC signed using an
existing KSK).

So, the NOTIFY target could be such an agent (Registrar) who then forwards
the appropriate update to the TLD via EPP.
I.e. the target would not be the TLD itself (directly).

(This is very early in the discussions among experimenters/implementers,
but certainly seems feasible, and might reduce latency on updates and load
on agents.)

Brian
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
