Hi,
This revision contains a number of improvements from recent discussions on the
list and at DNS OARC:
- Humans should be notified according to preferences established with
registry/registrar (not necessarily via email)
- Remove recommendation which had told parents to require publication of both
CDS and CDNSKEY
- Providing access to DS update history is now optional
- Clarify recommendation on suspension of automation after DS RRset removal and
provide extra analysis
- Editorial changes
The following main questions remain:
- Should registries suspend automation if the registrar has no DS removal
interface? [1]
- Should automating parties apply DS validity checks only when making a change,
or also recheck periodically?
- (Should we keep Appendix C, on "Approaches not pursued"? Currently has old
text of rejected recommendations.)
Apart from those, the document is now pretty stable.
Best,
Peter
[1]: https://mailarchive.ietf.org/arch/msg/dnsop/j4jliY6S85670vyW5AcGzAbnFPo/
On 10/20/25 13:09, [email protected] wrote:
Internet-Draft draft-ietf-dnsop-ds-automation-01.txt is now available. It is a
work item of the Domain Name System Operations (DNSOP) WG of the IETF.
Title: Operational Recommendations for DS Automation
Authors: Steve Sheng
Peter Thomassen
Name: draft-ietf-dnsop-ds-automation-01.txt
Pages: 23
Dates: 2025-10-20
Abstract:
Enabling support for automatic acceptance of DS parameters from the
Child DNS operator (via RFCs 7344, 8078, 9615) requires the parent
operator, often a registry or registrar, to make a number of
technical decisions. This document describes recommendations for new
deployments of such DS automation.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-ds-automation/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dnsop-ds-automation-01.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-ds-automation-01
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
--
Like our community service? 💛
Please consider donating at
https://desec.io/
deSEC e.V.
Möckernstraße 74
10965 Berlin
Germany
Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
