* Patrik Fältström:
> We have a problem when "a domain changes hands" and the private DS key
> in some way is changed, should be changed, and sometimes is not
> changed as it should. We all agree that could lead to a blackout, but
> in many cases the blackout is not more serious than a normal blac
On Tue, Jun 30, 2009 at 12:43:35PM +0200, Patrik Fältström wrote:
> >> 4 Domain is transferred to new registrar
> >> 5 New Domain Operator is adding new DS to the old DS set
> >> 6 New Domain Operator is adding new NS
> >
> >Don't get you here. Where does he do this?
>
> Add the new NS to the
Patrik;
> We have a problem when "a domain changes hands" and the private DS key
> in some way is changed, should be changed, and sometimes is not changed
> as it should.
That is a manifestation of the fundamental problem that DNSSEC
is not end to end.
If DNSSEC were end to end, end users co
On 30 jun 2009, at 12.02, Antoin Verschuren wrote:
So let's not discuss the mixing up of roles like registrar,
registrants, dns-operators, etc.
The only reason they matter is because in practice:
Where have you got these numbers from?
-95% of registrar changes INVOLVE a change of DNS opera
> -Original Message-
> From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of
> Subject: [DNSOP] Problems with DS change in registry/registrar environment
>
>
> Is this summary at least partially correct?
Partially, yes.
I agree with you that there i
[On request from Olaf, also dnsop is included:ed]
I think this discussion have derailed a bit, while on the other hand
explained somewhat to me what things are really creating problems.
We have a problem when "a domain changes hands" and the private DS key
in some way is changed, should be
