Dearest fellow DNS sufferers, There was not enough time at the dnsop WG for me to get to the mic, so I'm posting what I wished to say here. My issue with the draft is on its recommendations for registry lock, particularly:
"Automated DS maintenance SHOULD be suspended when a registry lock is set (in particular, EPP lock serverUpdateProhibited)" I don't like this. serverUpdateProhibited is normally utilised to prevent changing the registrant of a domain, or changing (non-DNSSEC) nameservers - primarily in the case of a malitious party getting access to a registar's EPP connection. However, in the case of a CDS key rollover we know the key rollover is intentional, as it is cryptographically signed. What may be worthwhile is a draft in the EPP (and later RPP) WGs on indicating DNSEC automation preferences. This could cover things such as do not automate my DNSSEC, do not allow a key rollover via CDS, don't bootstrap my DNSSEC, etc. Q ------------------------------ Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574 <https://find-and-update.company-information.service.gov.uk/company/12417574>, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
