Re: [ietf-smtp] [OT] (signed TLDs)

2019-10-15 21:36:48
On 16 Oct 2019, at 6:10 am, Arnt Gulbrandsen 
<arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> wrote:

On Tuesday 15 October 2019 18:52:18 CEST, Hector Santos wrote:
I wish I understood more of this discussion and "basic problem," if any,

It's this: if someone were to tell the .com registry that starting 
immediately, they wish to sign the domain and will the .com registry 
please include the necessary RRs in .com, how would the .com registry know 
whether to trust that someone?

Once the domain is signed and the records are in .com, there's a fine 
mechanism that anyone can use to check whether that someone actually controls 
But what about the initial inclusion of the signature-related records in the 
.com zone?

There are ways, sometimes at least. For example, if it's done when the domain 
is initially registered, then it's clear that the registrant actually is the 
registrant. But initiating trust is a difficult problem if you want to solve 
it generally.

Well, when the delegation was initially registered, credentials were exchanged,
even if that was a user name / password pair.  This allowed NS records and
glue address records to be updated securely.  Updating/adding DS records is no
different.  You use the existing mechanisms; initially this was talking to the
registry directly.  These days it is intermediated through a registrar.

Or did you think anyone could change NS records for
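The "fine mechanism that anyone can use to check" once the records are in .com is the DS-to-DNSKEY comparison a validator performs at the delegation point: the parent's DS carries a key tag plus a digest over the child's owner name and DNSKEY RDATA (RFC 4034 section 5 and appendix B), so any resolver can confirm that the DS the registry published commits to the key the child actually serves. The following is an added worked example, not code from this thread, from any registry, or from any registrar; the owner name, key bytes and DS values are constructed placeholders, and the algorithm-1 key-tag special case is deliberately omitted.

```python
"""Compute a DS record from a DNSKEY and verify a published DS against a key.

Added illustration for the thread above (not code from any registry or
registrar). The DNSKEY below is a constructed placeholder, not a real key.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class DNSKEY:
    flags: int        # 257 = zone key with SEP bit (KSK), 256 = ZSK
    protocol: int     # always 3 for DNSSEC (RFC 4034 s2.1.2)
    algorithm: int    # e.g. 13 = ECDSAP256SHA256, 8 = RSASHA256
    public_key: bytes

    def rdata(self) -> bytes:
        """Wire-format RDATA: flags(2) | protocol(1) | algorithm(1) | key."""
        return (self.flags.to_bytes(2, "big")
                + bytes([self.protocol, self.algorithm])
                + self.public_key)


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int  # 1 = SHA-1, 2 = SHA-256, 4 = SHA-384
    digest: bytes

    def presentation(self, owner: str) -> str:
        """Zone-file form, as it would appear in the parent zone."""
        return (f"{owner} IN DS {self.key_tag} {self.algorithm} "
                f"{self.digest_type} {self.digest.hex().upper()}")


def owner_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 s6.2):
    lowercase, length-prefixed labels, terminated by the root label 0x00."""
    labels = name.rstrip(".").lower().split(".") if name.strip(".") else []
    out = b""
    for label in labels:
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def key_tag(key: DNSKEY) -> int:
    """RFC 4034 appendix B key tag over the DNSKEY RDATA
    (the historical algorithm-1 special case is not implemented)."""
    ac = 0
    for i, b in enumerate(key.rdata()):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


_DIGESTS = {1: "sha1", 2: "sha256", 4: "sha384"}


def ds_from_dnskey(owner: str, key: DNSKEY, digest_type: int = 2) -> DS:
    """digest = H(canonical owner name | DNSKEY RDATA), RFC 4034 s5.1.4."""
    h = hashlib.new(_DIGESTS[digest_type])
    h.update(owner_wire(owner) + key.rdata())
    return DS(key_tag(key), key.algorithm, digest_type, h.digest())


def verify_ds(ds: DS, owner: str, key: DNSKEY) -> bool:
    """True iff the parent's DS commits to this DNSKEY for this owner name.
    An unknown digest type is unusable, so it never counts as a match."""
    if ds.digest_type not in _DIGESTS:
        return False
    return ds == ds_from_dnskey(owner, key, ds.digest_type)


# Constructed sample: a real algorithm-13 key carries a 64-byte point;
# this 4-byte placeholder exists only to exercise the DS arithmetic.
SAMPLE_OWNER = "example.com."
SAMPLE_DNSKEY = DNSKEY(flags=257, protocol=3, algorithm=13,
                       public_key=bytes([1, 2, 3, 4]))

if __name__ == "__main__":
    published = ds_from_dnskey(SAMPLE_OWNER, SAMPLE_DNSKEY)
    print(published.presentation(SAMPLE_OWNER))
    print("served key matches DS:", verify_ds(published, SAMPLE_OWNER, SAMPLE_DNSKEY))
    rogue = DNSKEY(257, 3, 13, bytes([9, 9, 9, 9]))
    print("rogue key matches DS: ", verify_ds(rogue and published, SAMPLE_OWNER, rogue))
```

Running the block prints the DS as it would sit in .com and then the two verification outcomes. The point of the example is the asymmetry the thread turns on: verifying the chain after the fact is mechanical and needs no trust in anyone, whereas deciding whose DS to publish in the first place is an authentication decision the registry or registrar must make through the same credentialed channel that already guards NS and glue updates.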



