Dear DNSOP,

There are a number of loose ends regarding CDS/CDNSKEY automation, and various 
implementers have made different choices. Examples are questions around 
validity checks, timing, error reporting, locks, etc.

Some gTLD registries have undertaken to deploy CDS automation [1], but ICANN 
has pointed out that these issues will first have to be resolved before DS 
automation will be allowed functionality in the gTLD space. This seems like a 
reasonable position for maximizing interoperability and minimizing surprise.

The insight about these concerns and the resulting "dependency" crystalized in 
consultations around the creation of SAC126 [2]. As a result, the report lists them; this 
draft now picks up the open issues and attempts to address them.

Looking forward to your feedback.

Best,
Peter

[1]: https://www.icann-hamster.nl/ham/soac/ssac/dnssec/icann76/4.5%20Bauland%20-%20CDNSKEY%20Support%20in%20TANGO%20Registry%20Services.pdf
[2]: https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-126-16-08-2024-en.pdf


-------- Forwarded Message --------
Subject: New Version Notification for draft-shetho-dnsop-ds-automation-00.txt
Date: Wed, 30 Apr 2025 11:16:16 -0700
From: internet-dra...@ietf.org
To: Peter Thomassen <pe...@desec.io>, Steve Sheng <steve.sh...@gmail.com>

A new version of Internet-Draft draft-shetho-dnsop-ds-automation-00.txt has
been successfully submitted by Peter Thomassen and posted to the
IETF repository.

Name:     draft-shetho-dnsop-ds-automation
Revision: 00
Title:    Best Practice Recommendations for DS Automation
Date:     2025-04-30
Group:    Individual Submission
Pages:    21
URL:      https://www.ietf.org/archive/id/draft-shetho-dnsop-ds-automation-00.txt
Status:   https://datatracker.ietf.org/doc/draft-shetho-dnsop-ds-automation/
HTML:     https://www.ietf.org/archive/id/draft-shetho-dnsop-ds-automation-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-shetho-dnsop-ds-automation


Abstract:

   Enabling support for automatic acceptance of DS parameters from the
   Child DNS operator (via RFCs 7344, 8078, 9615) requires the parent
   operator, often a registry or registrar, to make a number of
   technical decisions.  This document describes recommendations for new
   deployments of such DS automation.



The IETF Secretariat


_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
