[dns-operations] Question to DNSSEC and DLV policy
Peter Koch
pk at DENIC.DE
Thu Mar 19 17:10:35 UTC 2009
On Thu, Mar 19, 2009 at 10:09:14AM -0400, Keith Mitchell wrote:
> Michael Monnerie wrote:
> > requested zone, that the persons making the request are who they
> > claim to be and that they are authorised by the domain holder to
> > request the inclusion of the keys in the zone.
>
> In an ideal world, end-user customers would never have to deal with
> Trust Anchor Repositories (TARs) directly - this would all be handled
> implicitly in the namespace by TLD registries and registrars as part of
> standard domain registration. However, in the absence of the root and
an aspect that might be missing here and that is not only related to DLV
or a TAR: the "authori[zation] by the domain holder" can be implicit or
explicit. In the case of TLD registry interaction, it's usually the registrar
who is believed to act on behalf of the registrant. For DNSSEC, the
zone maintainer has a separate role (even if zone maintainer == registrar)
and as far as I read the documentation <https://dlv.isc.org/about/requirements>,
someone demonstrating control over zone content is accepted to be "in charge".
Bothering the registrant (unless registrant == zone maintainer) on top of that
does not really make sense from a DNSSEC point of view (it may if you take
billing issues into account).
-Peter
More information about the dns-operations
mailing list