To: EPP Provreg <ietf-provreg@cafax.se>
From: Andrew Sullivan <ajs@shinkuro.com>
Date: Mon, 29 Dec 2008 09:44:04 -0500
Content-Disposition: inline
In-Reply-To: <27799D3A07C9EC43910872D892858442029A38A6@dul1wnexmb01.vcorp.ad.vrsn.com>
Mail-Followup-To: Andrew Sullivan <ajs@shinkuro.com>,EPP Provreg <ietf-provreg@cafax.se>
Sender: owner-ietf-provreg@cafax.se
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [ietf-provreg] DNSSEC EPP Extension (RFC 4310) Usability Question

Hi,

On Sun, Dec 28, 2008 at 12:35:48PM -0500, Gould, James wrote:
>
> Overall, I believe that the inability to do both an add and remove
> in RFC 4310 is an oversight that should be addressed to be
> consistent with the rest of the EPP specifications and to ensure
> transactional consistency, but I'm not sure if it is bad enough to
> warrant the process to make the change on its own. Based on the
> provreg e-mail list it doesn't look like anyone believes that it does
> warrant a change to RFC 4310 at this point (other than maybe me), so
> if there is anyone out there that believes that it does please reply
> to the list.

I think it does, and I'm willing to work on such changes. I do worry about the operational effects of performing add and remove at the same time: it seems to me to be the sort of thing that could take a domain dark.

There's an additional issue in this area that's troubling to me, which has to do with domain transfers in a DNSSEC context, particularly in cases where the private keys for the two sponsors can't be shared (imagine the case where the two sponsors are each involved in operating the DNS for the target domain; in this case, they're not going to share private keys with one another).

It seems to me that in such a case, a sponsor needs to be able to add a DS record to a domain object when the sponsor doesn't actually own the domain. This is problematic, because obviously we don't want random others being able to add properties to the objects one sponsors. It would be possible to allow this while a transfer is pending, but often there are various prohibitions on such a domain, and perhaps those will conflict with the ability of the gaining sponsor to add properties to the prospectively-transferred domain.

Thoughts?

A

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.