Re: [DNSOP] New Version Notification for draft-kumari-ogud-dnsop-cds-02.txt

Olafur Gudmundsson <ogud@ogud.com> Tue, 09 July 2013 13:47 UTC

On Jul 9, 2013, at 5:56 AM, Antoin Verschuren <Antoin.Verschuren@sidn.nl> wrote:

> On 09-07-13 10:05, Patrik Fältström wrote:
>> 
>> The registry gets an EPP update via a secure channel to change the
>> NS. They can at that time (before the new zone is published) issue
>> queries for CDS at the suggested new target of the NS, and if the
>> CDS exists there they can fetch the CDS, see if key material
>> changed, and incorporate the data in the zone that is to be
>> published.
> 
> That CDS record will not validate at that point in time, so it will
> always be ignored.
> The pre-requisite for CDS is that the record can be validated, and the
> new zone is not yet in the chain of trust if the DNSKEY RRset that is
> present in the validating resolver does not contain the key by which
> the CDS record in the new zone is signed.

Antoin is right: CDS or CSYNC can only help with operator change
when the OLD operator is highly cooperative.
The old operator has to be willing and able to publish change information
about the new operator in its copy of the zone, and it has to publish it
long enough for the parent to pick it up.

	Olafur
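
The chain-of-trust precondition discussed in this thread, as an added example that is not part of the original message or of the draft: a parent-side check that a CDS is usable only when the DNSKEY RRset it is served with matches a DS the parent already publishes. The zone name, key bytes and the `cds_usable` helper are constructed for illustration, and RRSIG verification is assumed to succeed rather than performed.

```python
import hashlib
import struct

def name_wire(name):
    """Canonical (lowercase) DNS wire form of an owner name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"

def dnskey_rdata(flags, alg, pubkey):
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, alg) + pubkey

def key_tag(rdata):
    """Key tag over DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_for(owner, rdata):
    """(key tag, SHA-256 digest) pair as carried in a DS or CDS record."""
    return key_tag(rdata), hashlib.sha256(name_wire(owner) + rdata).hexdigest()

def cds_usable(owner, parent_ds, served_dnskeys, cds_signer_tag):
    """True only if the CDS chains to a DS the parent already publishes.

    Assumption: RRSIGs are cryptographically valid and the DNSKEY RRset is
    signed by the anchored key; only the chain-of-trust linkage is modeled.
    """
    anchored = any(ds_for(owner, k) in parent_ds for k in served_dnskeys)
    signer_known = any(key_tag(k) == cds_signer_tag for k in served_dnskeys)
    return anchored and signer_known

# Constructed sample data: placeholder key bytes, not real public keys.
ZONE = "example.nl."
OLD_KSK = dnskey_rdata(257, 8, b"constructed-old-operator-key")
NEW_KSK = dnskey_rdata(257, 8, b"constructed-new-operator-key")
PARENT_DS = {ds_for(ZONE, OLD_KSK)}  # parent still points at the old key

def scenarios():
    return {
        # New operator alone: its CDS is signed by a key the parent has no DS for.
        "new_operator_only": cds_usable(ZONE, PARENT_DS, [NEW_KSK], key_tag(NEW_KSK)),
        # Cooperative old operator publishes the CDS in its own signed copy.
        "old_operator_publishes": cds_usable(ZONE, PARENT_DS, [OLD_KSK], key_tag(OLD_KSK)),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'accepted' if ok else 'ignored'}")
```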