IETF provreg mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Ulrich Wisser <liste@publisher.de>
CC: Klaus Malorny <Klaus.Malorny@knipp.de>, EPP Provreg <ietf-provreg@cafax.se>
From: James Gould <jgould@verisign.com>
Date: Thu, 28 Jan 2010 09:15:00 -0500
In-Reply-To: <4B616567.30700@publisher.de>
Sender: owner-ietf-provreg@cafax.se
Thread-Index: AcqgA9IML8qy9HPMQtO0kjE7nM6N/QAIHS4H
Thread-Topic: [ietf-provreg] XML Schema versioning in 4310bis
User-Agent: Microsoft-Entourage/12.23.0.091001
Subject: Re: [ietf-provreg] XML Schema versioning in 4310bis

Title: Re: [ietf-provreg] XML Schema versioning in 4310bis

Ulrich,

> How could I miss this? If a client (our own registrar currently does)
> send two DS records per key (SHA-1 and SHA-256), these posts could not
> be deleted with they old style <rem/>.

That is correct as long as the server does what is recommended (SHOULD) by the draft. The client should use the secDNS:dsData with a secDNS:rem to explicitly specify which DS to remove. Does this address your concern?

--

JG

-------------------------------------------------------
James F. Gould
Principal Software Engineer
VeriSign Naming Services
jgould@verisign.com
Direct: 703.948.3271
Mobile: 703.628.7063

21345 Ridgetop Circle
LS2-2-1
Dulles, VA 20166

Notice to Recipient: This e-mail contains confidential, proprietary and/or Registry Sensitive information intended solely for the recipient and, thus may not be retransmitted, reproduced or disclosed without the prior written consent of VeriSign Naming and Directory Services. If you have received this e-mail message in error, please notify the sender immediately by telephone or reply e-mail and destroy the original message without making a copy. Thank you.

From: Ulrich Wisser <liste@publisher.de>
Date: Thu, 28 Jan 2010 05:22:31 -0500
To: James Gould <jgould@verisign.com>
Cc: Klaus Malorny <Klaus.Malorny@knipp.de>, EPP Provreg <ietf-provreg@cafax.se>
Subject: Re: [ietf-provreg] XML Schema versioning in 4310bis

Hi James,

[...]
> There was much discussion related to supporting the old style secDNS:rem
> with secDNS:keyTag on the list. The following text in the draft
> directly addresses the issue according to a compromise from this list:
>
>     <secDNS:keyTag> element MUST contain a key tag value as described in
>     section 5.1.1 of RFC 4034 *[6]*. Removing all DS information can
>     remove the ability of the parent to secure the delegation to the
>     child zone. The server SHOULD return an EPP error result code of
>     2305 if more than one DS record matches the <secDNS:keyTag>.
>     <secDNS:dsData> should be used by the client if there is more than
>     one DS record with the same <secDNS:keyTag>.
>
>
> I would like to continue with what was compromised in addressing the
> issue of using the non-unique secDNS:keyTag. Is this not an acceptable
> solution?

How could I miss this? If a client (our own registrar currently does)
send two DS records per key (SHA-1 and SHA-256), these posts could not
be deleted with they old style <rem/>.

/Ulrich

References:
- Re: [ietf-provreg] XML Schema versioning in 4310bis
  - From: Ulrich Wisser <liste@publisher.de>

Prev by Date: Re: [ietf-provreg] XML Schema versioning in 4310bis
Next by Date: [ietf-provreg] rfc4310bis 03 AD Feedback
Prev by thread: Re: [ietf-provreg] XML Schema versioning in 4310bis
Next by thread: Re: [ietf-provreg] XML Schema versioning in 4310bis
Index(es):
- Date
- Thread

Home | Date list | Subject list