In article <EA77F2DD-D7F3-47E8-A636-83EEF205C0F0(_at_)dukhovni(_dot_)org> you
write:
On Oct 11, 2019, at 12:08 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
CDS support at registries is essential to removing this roadblock to DNSSEC
adoption, by getting the registrar out of the critical path.
Unless I missed something, CDS currently only lets you update DS records,
not install them initially.
At least two registries supports bootstrapping DNSSEC via CDS.
I suppose I can put in CDS records and see what happens.
https://www.nic.ch/faqs/dnssec/cds/
https://ripe75.ripe.net/presentations/123-CDNSKEY-FRED-KNOT-RIPE75.pdf
Further links:
https://meetings.icann.org/en/dublin54/schedule/wed-dnssec/presentation-dnssec-bootstrapping-21oct15-en.pdf
https://github.com/CIRALabs/DSAP
https://blog.dnsimple.com/2019/02/cds_cdnskey/
--
Viktor.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp