Hello for the first time! I'm a bit new to this IETF stuff, but a long time "participant" in the world of DNS. I was pointed to this list by a friend, and in reading some of the more recent threads I felt compelled to jump in (I hope this sort of participation is copacetic).
On Tue, 9 Jul 2013, Dickson, Brian wrote: > > to a different set, tools are likely better than doing it manually. CDS > addresses the DS/DNSKEY part, but leaves the NS part unchanged. > > It's a problem which I presume exists or might exist, which goes along > with the CDS problem: how do you automate "X", where "X" is currently > done via web form? ("Automate" might merely be "integrate into a > provisioning > system"). > > I don't know if the problem actually exists, so until someone says, > "Yeah, it is a problem", it is probably premature. > > You mean all the lame delegations in the world doesn't show an actual > problem? I'm not sure I'm understanding you. Why would this not be a problem? I feel that Paul seems exactly right. Losing synchronization between the NS set and the crypto RRs (DS/DNSKEYs) seems like an alarming prospect (if I read Mr. Dickson's response right). In other words, "Yeah, it is a problem." jl
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop