On Thu, 2020-12-10 at 15:48 -0800, Brian Dickson wrote:
> > Compared to DiS, registrar complexity is identical (because the
> > complexity is also hidden in the signer here); signer complexity is
> > potentially lower. The only real complexity change vs. DiS is in the
> > auths, that now need to know to serve CNSRRSIG from the parent side in
> > the additional part of a delegation response. For resolvers, this vs.
> > DiS is again pretty much moot.
>
> The CNSRRSIG would also require delegation auths (i.e. TLDs) to make changes

That is what the quoted text means to convey, sorry if that was unclear!

> , and I think also require EPP changes.

I don't see how EPP comes into it at all. The signer signs all NSsets; the auth serves the signatures with the delegations; done.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/