To: EPP Provreg <ietf-provreg@cafax.se>
From: Andrew Sullivan <ajs@shinkuro.com>
Date: Thu, 29 Oct 2009 10:20:39 -0400
Content-Disposition: inline
In-Reply-To: <4AE82EF2.1000802@publisher.de>
Mail-Followup-To: Andrew Sullivan <ajs@shinkuro.com>,EPP Provreg <ietf-provreg@cafax.se>
Sender: owner-ietf-provreg@cafax.se
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [ietf-provreg] Anyone working on 4310-bis?

On Wed, Oct 28, 2009 at 12:45:54PM +0100, Ulrich Wisser wrote:
> The add command (as well as update) uses the secDNS:dsDataType. Which
> makes keytag, alg, digestType and digest mandatory. I know that .SE and
> other registries considered to become a "fat" registry and take in the
> public keys instead of the ds records. The DS records would be computed
> from the public keys according to registry policies.
> This case is not covered by 4310.

While this is true, 4310 does provide an OPTIONAL <secDNS:keyData>
element. Registry policy could require this. Then you could get the DS
and the DNSKEY at the same time, and you could even check to be sure the
DS they're providing actually matches the DNSKEY they're providing (and
use that as a first-line test to make sure their plan is sane. If they
can't generate the right DS, they are as likely to have other problems as
not, and it could well be that you want to stop doing anything until it's
sorted). No?

I'm loath to make the <secDNS:dsData> element OPTIONAL because it would
necessarily mean changing the XML schema, which would cause changes to be
strictly backwards incompatible.

A

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
List run by majordomo software. For (Un-)subscription and similar details
send "help" to ietf-provreg-request@cafax.se
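
The first-line test described in the message above (does the submitted DS actually match the submitted DNSKEY?), as an added example that is not part of the original post or of any registry's code. It assumes the dsData and keyData fields have already been parsed into dicts keyed by the secDNS element names; the function names, the owner name example.se and the 4-byte stand-in key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Digest types: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509)
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def wire_name(name):
    """Canonical wire form of the owner name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(key):
    """DNSKEY RDATA from the keyData fields: flags, protocol, alg, pubKey (base64)."""
    pub = base64.b64decode(key["pubKey"], validate=True)
    return struct.pack("!HBB", key["flags"], key["protocol"], key["alg"]) + pub

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSA/MD5)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def compute_ds(owner, key, digest_type):
    """DS fields derived from the key: digest over owner name || DNSKEY RDATA."""
    rdata = dnskey_rdata(key)
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return {"keyTag": key_tag(rdata), "alg": key["alg"],
            "digestType": digest_type, "digest": digest}

def check_ds(owner, ds, key):
    """Return the dsData fields that disagree with keyData (empty list = consistent)."""
    if ds["digestType"] not in DIGESTS:
        return ["digestType"]  # cannot recompute, so treat as a failed check
    expected = compute_ds(owner, key, ds["digestType"])
    submitted = dict(ds, digest="".join(ds["digest"].split()).upper())
    return [f for f in ("keyTag", "alg", "digest") if submitted[f] != expected[f]]

# Constructed sample (not a real key): a 4-byte stand-in for the public key
SAMPLE_KEY = {"flags": 257, "protocol": 3, "alg": 8, "pubKey": "AQIDBA=="}

if __name__ == "__main__":
    good = compute_ds("example.se", SAMPLE_KEY, 2)
    bad = dict(good, digest="00" * 32)  # client generated the wrong DS
    print(check_ds("example.se", good, SAMPLE_KEY))
    print(check_ds("example.se", bad, SAMPLE_KEY))
```

A non-empty result names the fields to report back to the client, which fits the suggestion above of stopping until the mismatch is sorted out.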