wrt joao damas' DLV talk on wednesday

• Previous message (by thread): wrt joao damas' DLV talk on wednesday
• Next message (by thread): wrt joao damas' DLV talk on wednesday
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > thanks for actual technalia.

i've also been warned that this isn't ops-related and told to move elsewhere.

> > ( first, i suspect much of the confusion could come from your
> > thinking that the place up on skyline is *the* alice's restaurant.

*the* alice's restaurants are the ones in our own private idaho's.

> > i think if you amplified on and detailed the above, and went into
> > how re-delegation and key changes would handled, it would go a long
> > way to clarifying the isc dlv registry's security process.

i feel sure that joao said at the podium that he would do that and put it on
the www.isc.org/ops/dlv/ web site.  so, you're just selling after the close.

> > you're also welcome to use some of the cctlds and other zones i
> > manage as outlying/strange examples.  e.g. NG, which i could sign,
> > but neither ng nor i have an established relationship to isc.

it's possible that no trust path can be found for some domains.  for example,
i cannot imagine who could represent the root zone for the purpose of sending
in a key for it.  (not that DLV has a way to publish the root key; it doesn't;
i'm just using the root as the ideal strange example of this problem.)

> > and how it would be rolled would be of interest.

key-roll through DLV is no different, from the high level, that key roll
through non-DLV.  either way you have to instantiate a new key and get it
to your registry somehow (either through your registrar or otherwise) before
you start using it.  either way you have to remove your old keys after you've
stopped using them.  either way you'll have two keys in your key registry
(either DLV or DNS) during the rollover.  the only thing that changes with
DLV is that you actually *have* someone to send your key to even if your
DNS registrar and/or DNS registry isn't ready to accept/publish them yet.

> > and say psg.com, registered through retsiger, who we might assume,
> > for sake of example, will not play.

anyone whose registrar won't play, will have to follow the procedure outlined
on www.isc.org/ops/dlv/, which involves much manual labour, but can be done.
(see http://www.isc.org/ops/dlv/#how_register in particular.)

• Previous message (by thread): wrt joao damas' DLV talk on wednesday
• Next message (by thread): wrt joao damas' DLV talk on wednesday
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]