Re: [DNSOP] Problems with DS change in registry/registrar environment

2009-06-30 Thread Antoin Verschuren
> -Original Message- > From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of > Subject: [DNSOP] Problems with DS change in registry/registrar environment > > > Is this summary at least partially correct? Partially, yes. I agree with you that there is no match between

Re: [DNSOP] Problems with DS change in registry/registrar environment

2009-06-30 Thread Patrik Fältström
On 30 jun 2009, at 12.02, Antoin Verschuren wrote: So let's not discuss the mixing up of roles like registrar, registrants, dns-operators, etc. The only reason they matter is because in practice: Where have you got these numbers from? -95% of registrar changes INVOLVE a change of DNS opera

Re: [DNSOP] [dnssec-deployment] Problems with DS change in registry/registrar environment

2009-06-30 Thread Peter Koch
On Tue, Jun 30, 2009 at 08:36:47AM +0200, Patrik Fältström wrote: > [On request from Olaf, also dnsop is included:ed] The discussion and input is very welcome in DNSOP. For reasons related to "Note Well" we'll not be able to routinely approve cross postings.

[DNSOP] Trust History draft

2009-06-30 Thread W.C.A. Wijngaards
Hi, Just new in the dnsop wg tools page: http://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history-00 This is the same version as draft-wijngaards-dnsext-trust-history-03, but moved to the DNSOP wg. I would like to request adoption of the document. Why? I want to enable end users to use

Re: [DNSOP] Problems with DS change in registry/registrar environment

2009-06-30 Thread Masataka Ohta
Patrik; > We have a problem when "a domain changes hands" and the private DS key > in some way is changed, should be changed, and sometimes is not changed > as it should. That is a manifestation of the fundamental problem that DNSSEC is not end to end. If DNSSEC were end to end, end users co

Re: [DNSOP] [dnssec-deployment] Problems with DS change in registry/registrar environment

2009-06-30 Thread Paul Wouters
On Tue, 30 Jun 2009, Patrik Fältström wrote: A.3. Have the registry remove DS implicitly if domain is transferred to registrar that does NOT handle DNSSEC. My suggestion is that we look carefully on option A.3. This does not imply any changes to any pieces of the protocol, deployed operation

Re: [DNSOP] [dnssec-deployment] Problems with DS change in registry/registrar environment

2009-06-30 Thread Mark Andrews
In message , Patrik Fältström writes: > On 30 jun 2009, at 12.02, Antoin Verschuren wrote: > > > So let's not discuss the mixing up of roles like registrar, > > registrants, dns-operators, etc. > > The only reason they matter is because in practice: > > Where have you

Re: [DNSOP] [dnssec-deployment] Problems with DS change in registry/registrar environment

2009-06-30 Thread Paul Wouters
On Wed, 1 Jul 2009, Mark Andrews wrote: Validators shouldn't have to refetch DS records to work around a broken key rollover. [ process where everyone co-operates and lives happily and forever after ] This is just not going to happen, and any modifications to the validators s

Re: [DNSOP] Problems with DS change in registry/registrar environment

2009-06-30 Thread Peter Koch
On Tue, Jun 30, 2009 at 12:43:35PM +0200, Patrik Fältström wrote: > >> 4 Domain is transferred to new registrar > >> 5 New Domain Operator is adding new DS to the old DS set > >> 6 New Domain Operator is adding new NS > > > >Don't get you here. Where does he do this? > > Add the new NS to the

Re: [DNSOP] [dnssec-deployment] Problems with DS change in registry/registrar environment

2009-06-30 Thread bmanning
On Tue, Jun 30, 2009 at 10:33:15AM -0400, Paul Wouters wrote: > On Tue, 30 Jun 2009, Patrik Fältström wrote: > > >A.3. Have the registry remove DS implicitly if domain is transferred to > >registrar that does NOT handle DNSSEC. > > > >My suggestion is that we look carefully on option A.3. This do

Re: [DNSOP] [dnssec-deployment] Problems with DS change in registry/registrar environment

2009-06-30 Thread Mark Andrews
In message <4a4a292d.20...@digsys.bg>, Daniel Kalchev writes: > > > Mark Andrews wrote: > > This is simultaneous roll of KSK and ZSK keys. You introduce > > the keys the *same* way as you would with a single operator. > > The new operator generates new keys. The are added to the >