> -----Original Message----- > From: Andrew Newton <a...@hxr.us> > Sent: Thursday, July 13, 2023 1:00 PM > To: Hollenbeck, Scott <shollenb...@verisign.com> > Cc: brian.peter.dick...@gmail.com; dnsop@ietf.org; Registration Protocols > Extensions <reg...@ietf.org> > Subject: [EXTERNAL] Re: [DNSOP] Best Practices for Managing Existing > Delegations When Deleting a Domain or Host > > Caution: This email originated from outside the organization. Do not click > links > or open attachments unless you recognize the sender and know the content is > safe. > > +regext > > IMHO, this draft should take a position on which is the actual best (even if > not > current) practice, and then provide arguments to that point. Or maybe > provide > pros/cons for each, because evaluating which to do has different criteria > for > different people.
[SAH] We'd like to get there with community input. Consider what's in the draft now as an attempt to prompt discussion. > Also, I don't believe either of the items listed in section 6 are "best". > > A client sponsored sacrificial nameserver means that a registrar must > establish > security practices around that nameserver over the lifetime of all domains > using it. Additionally, can registrar A simply start using the sacrificial > nameserver of registrar B? I don't know, but if so then that's not good. [SAH] Maybe "better than the practices to be discouraged" is a better way to describe them. I like the idea of adding pros and cons to better explain how even "better" or "best" practices might not be enough to remove all risk. > WRT to behavioral changes in EPP, the downside is that registrars will need > to > keep track of which registries implement the new behavior as it is unlikely > that > all registries will switch at the same time. And EPP changes may require > downstream changes in customer portals, etc... [SAH] Yes, but we do have experience with deploying EPP extensions. I think this part is manageable. Scott _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
