On 10/10/13 7:34 PM, Jim Reid wrote: > On 10 Oct 2013, at 16:43, Dan York <[email protected]> wrote: > >> there's nothing that DNSSEC or anything else could have done here > > Perhaps that's the case for the incidents you described Dan. > > Some sort of token which identifies the EPP transaction could be given a name > and entered into the zone that's getting redelegated or whatever. That RR > would need to be signed.
Interesting thought, but I don't know, Jim. Sounds like some way of circular dependency to me? For instance, what would happen if the registrar would upload the wrong DNSKEY/DS to the parent and want to correct that? Would be impossible, because validation is broken at that time? -- Marco _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
