In article <20170816071920.ba2c98287...@rock.dv.isc.org> you write: >> A colleague says "If TLDs allowed UPDATE messages to be processed most >> of the issues with DNSSEC would go away. At the moment we have a whole >> series of kludges because people are scared of signed update messages."
Someone is wildly overoptimistic. The problem I run into over and over again is that I run someone's DNS and other services, but I am not the registrant and I am not the registrar, I just run the DNS. Either I have to walk the registrant through the process of installing DNSSEC keys, or she has to give me her registrar account password, neither of which scales. Slightly more automatic processing of updates for which I do not have the credentials will not help. R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
