To: EPP Provreg <ietf-provreg@cafax.se>
From: Andrew Sullivan <ajs@shinkuro.com>
Date: Tue, 26 Jan 2010 09:06:17 -0500
Content-Disposition: inline
In-Reply-To: <18EED984-EBDF-4F56-924B-F4F3BB44154E@cisco.com>
Mail-Followup-To: Andrew Sullivan <ajs@shinkuro.com>,EPP Provreg <ietf-provreg@cafax.se>
Sender: owner-ietf-provreg@cafax.se
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [ietf-provreg] Revision of 4310

On Tue, Jan 26, 2010 at 06:56:24AM +0100, Patrik Fältström wrote:

> I think it is much better the way it is now, that all DS the
> registry know about are active. To turn the active/not active flag
> on and off epp transactions are needed anyways, so the client can as
> well remove/add the keys instead.
>
> I.e. I do not see any need for the registry to keep track of
> active/not active keys, and need to get much more explanation why
> this is needed to be convinced we should change what we have today.

Actually, I can think of a use for this, or something like it. If you
wanted to pre-publish keys in the parent, and the parent is checking
for the corresponding key in the child zone, then you can't do that
with the bits available in the protocol now. But if we had a way to
say, "Put this key in, but it's not active now," that would be a way
to pre-publish the DS without the corresponding DNSKEY in the child
zone, even if the parent had a policy to check the child zone (because
with the "not active" the parent could tell that the key just won't be
there).

A

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.