Re: [DNSOP] KSK rollover

2010-05-13 Thread Mark Andrews
In message , Joe Abley writes : > > On 2010-05-13, at 22:32, Mark Andrews wrote: > > > Which is essentially registrar to registry. It really does not > > make for a general solution to the problem unless every operator > > of every zone that delegates any zone runs epp in addition to running >

Re: [DNSOP] KSK rollover

2010-05-13 Thread Joe Abley
On 2010-05-13, at 22:32, Mark Andrews wrote: > Which is essentially registrar to registry. It really does not > make for a general solution to the problem unless every operator > of every zone that delegates any zone runs epp in addition to running > a DNS server. Sure, but be aware that you're

Re: [DNSOP] KSK rollover

2010-05-13 Thread Mark Andrews
In message <74ae2b2b-a09a-4fbf-b6c3-7eebe89ca...@hopcount.ca>, Joe Abley writes : > > On 2010-05-13, at 19:33, Mark Andrews wrote: > > > There are lots of ways to do this. > > * Use UPDATE to update the delegation records in the parent. > > This would work today it only requires a w

Re: [DNSOP] KSK rollover

2010-05-13 Thread Joe Abley
On 2010-05-13, at 22:13, Joe Abley wrote: > ... and there's also the approach that is actually being implemented, which > is described in RFC 4310. Or 5910, since that seems to exist now. :-) Internet Engineering Task Force (IETF) J. Gould Request for Comments: 5910

Re: [DNSOP] KSK rollover

2010-05-13 Thread Joe Abley
On 2010-05-13, at 19:33, Mark Andrews wrote: > There are lots of ways to do this. > * Use UPDATE to update the delegation records in the parent. > This would work today it only requires a willingness to do so. > This can be done securely (TSIG) and will scale. >

Re: [DNSOP] KSK rollover

2010-05-13 Thread Mark Andrews
In message <44c21cd9ee514b039eafeafa707a2...@local>, "George Barwood" writes: > > - Original Message - > From: "Patrik Wallstrom" > To: "George Barwood" > Cc: > Sent: Thursday, May 13, 2010 9:06 AM > Subject: Re: [DNSOP] KSK rollover > > > > >On May 13, 2010, at 9:56 AM, George Bar

Re: [DNSOP] KSK rollover

2010-05-13 Thread Edward Lewis
At 17:37 +0100 5/13/10, George Barwood wrote: I'm somewhat puzzled that there is no specification, and apparently no activity on this. http://www.ripe.net/ripe/meetings/ripe-59/presentations/lewis-dnssec.pdf There's activity. There's no standard underway because of the plethora of situations

Re: [DNSOP] KSK rollover

2010-05-13 Thread Evan Hunt
> That is certainly relevant to rollover, but it doesn't specify any means > by which the new DS records can be placed in the parent zone. You're correct, there's no mechanism for doing this within the DNS. You need to update DS records through your registrar just as you do with NS records and gl

Re: [DNSOP] KSK rollover

2010-05-13 Thread George Barwood
- Original Message - From: "Patrik Wallstrom" To: "George Barwood" Cc: Sent: Thursday, May 13, 2010 9:06 AM Subject: Re: [DNSOP] KSK rollover >On May 13, 2010, at 9:56 AM, George Barwood wrote: >> I have been thinking about KSK rollover in my DNSSEC implementation, and it >> seems

Re: [DNSOP] KSK rollover

2010-05-13 Thread Patrik Wallstrom
On May 13, 2010, at 9:56 AM, George Barwood wrote: > I have been thinking about KSK rollover in my DNSSEC implementation, and it > seems > that there is currently no specification for KSK rollover within the DNSSEC > protocol. > > There is this expired requirements draft > > http://tools.iet

[DNSOP] KSK rollover

2010-05-13 Thread George Barwood
I have been thinking about KSK rollover in my DNSSEC implementation, and it seems that there is currently no specification for KSK rollover within the DNSSEC protocol. There is this expired requirements draft http://tools.ietf.org/wg/dnsop/draft-ietf-dnsop-key-rollover-requirements/ but that'