To:
Eduardo Duarte <eduardo.duarte@fccn.pt>, EPP Provreg <ietf-provreg@cafax.se>
CC:
"'WG-DNS'" <wg-dns@fccn.pt>
From:
James Gould <jgould@verisign.com>
Date:
Mon, 25 Jan 2010 18:03:42 -0500
In-Reply-To:
<4B5DB135.9010801@fccn.pt>
Sender:
owner-ietf-provreg@cafax.se
Thread-Topic:
[ietf-provreg] Revision of 4310
User-Agent:
Microsoft-Entourage/12.23.0.091001
Subject:
Re: [ietf-provreg] Revision of 4310
Eduardo,

I don't believe this was discussed, but what is the expected behavior of the server? Is the use case that the clients would pre-publish the DS as active / inactive to the server, and the server would in turn only publish the active DS data?

The current draft has the server publish all passed DS information, so the client would add / remove DS data instead of pre-publishing and activating / deactivating them. Now all records are considered active. Adding an additional attribute would be somewhat challenging, since it would require the client to add and remove the same DS, but with the activity flag set to a different value on the add. This is a corner case that came up with changing the maxSigLife.

--

JG

-------------------------------------------------------
James F. Gould
Principal Software Engineer
VeriSign Naming Services
jgould@verisign.com
Direct: 703.948.3271
Mobile: 703.628.7063

21345 Ridgetop Circle
LS2-2-1
Dulles, VA 20166

Notice to Recipient: This e-mail contains confidential, proprietary and/or Registry Sensitive information intended solely for the recipient and, thus may not be retransmitted, reproduced or disclosed without the prior written consent of VeriSign Naming and Directory Services. If you have received this e-mail message in error, please notify the sender immediately by telephone or reply e-mail and destroy the original message without making a copy. Thank you.

> From: Eduardo Duarte <eduardo.duarte@fccn.pt>
> Date: Mon, 25 Jan 2010 14:56:53 +0000
> To: EPP Provreg <ietf-provreg@cafax.se>
> Cc: 'WG-DNS' <wg-dns@fccn.pt>
> Subject: [ietf-provreg] Revision of 4310
>
> Hello,
>
> I work for the .PT ccTLD and I'm starting to add the DNSSEC extension
> under our EPP implementation.
> For doing this I'm following the new revision of the 4310 RFC and I
> was wondering something after reading it...
>
> On our implementation of DNSSEC a domain can have multiple DS keys
> associated, where some are active and others are in an inactive state.
> On the secDNS.xsd I didn't see any way to have multiple keys sent in the
> info command and have a way to show if they are active or not.
>
> Was this matter discussed on the list already!?
>
> If not, can I propose a small change in the XSD (I know that it is probably too
> late for that....). My suggestion is to add an Active/Non-Active field on
> the DSdataType so the definition changes to the following:
>
> <complexType name="dsDataType">
>   <sequence>
>     <element name="keyTag" type="unsignedShort"/>
>     <element name="alg" type="unsignedByte"/>
>     <element name="digestType" type="unsignedByte"/>
>     <element name="digest" type="hexBinary"/>
>     <element name="maxSigLife" type="secDNS:maxSigLifeType" minOccurs="0"/>
>     <element name="keyData" type="secDNS:keyDataType" minOccurs="0"/>
>     <element name="active" type="boolean" minOccurs="0"/>
>   </sequence>
> </complexType>
>
> Thanks and best regards,
>
> Eduardo Duarte
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> List run by majordomo software. For (Un-)subscription and similar details
> send "help" to ietf-provreg-request@cafax.se
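
The corner case raised in the reply above, modelled as an added Python example that is not part of either message or of the draft: with an `active` element on dsDataType, changing only the flag means removing and re-adding the same DS. The function names, the rem-before-add ordering, the treatment of an absent flag as active, and the sample DS values are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class DsData:
    """Mirrors the quoted dsDataType; `active` is the proposed optional element."""
    key_tag: int
    alg: int
    digest_type: int
    digest: str
    active: Optional[bool] = None  # minOccurs="0": element may be absent

    def identity(self):
        # The DS record itself, ignoring the proposed flag.
        return (self.key_tag, self.alg, self.digest_type, self.digest.upper())

def apply_update(stored, rem=(), add=()):
    """Hypothetical server model; assumes removals are applied before additions."""
    gone = {d.identity() for d in rem}
    kept = {d.identity(): d for d in stored if d.identity() not in gone}
    for d in add:
        if d.identity() in kept:
            raise ValueError(f"DS keyTag {d.key_tag} already present; remove it first")
        kept[d.identity()] = d
    return list(kept.values())

def published(stored, honour_flag):
    """Key tags the server would publish.
    honour_flag=False: every stored DS is published (behaviour of the current draft).
    honour_flag=True: only active DS; an absent flag counts as active (assumption)."""
    return [d.key_tag for d in stored if not honour_flag or d.active is not False]

def toggle(ds, active):
    """The rem/add pair needed to change nothing but the flag."""
    return {"rem": [ds], "add": [replace(ds, active=active)]}

# Constructed sample data, not taken from any registry.
DS_A = DsData(12345, 5, 1, "38EC35D5B3A34B33C99B38EC35D5B3A34B33C99B", active=True)
DS_B = DsData(54321, 5, 1, "49FD46E6C4B45C55D4AC49FD46E6C4B45C55D4AC", active=False)

if __name__ == "__main__":
    stored = [DS_A, DS_B]
    print(published(stored, honour_flag=False))  # both DS
    print(published(stored, honour_flag=True))   # only the active one
    stored = apply_update(stored, **toggle(DS_B, True))
    print(published(stored, honour_flag=True))   # both after the rem/add pair
```
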