Third Party DNS operator to Registrars/Registries Protocol
draft-ietf-regext-dnsoperator-to-rrr-protocol-05

Document Type: Expired Internet-Draft (regext WG)
Last updated: 2018-11-05 (latest revision 2018-05-04)
Replaces: draft-latour-dnsoperator-to-rrr-protocol
Stream: IETF
Intended RFC status: (None)
Stream WG state: WG Document (wg milestone: Sep 2018 - Submit for publicati... )
Document shepherd: No shepherd assigned
IESG state: Expired
Consensus Boilerplate: Unknown
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-regext-dnsoperator-to-rrr-protocol-05.txt

Abstract

There are several problems that arise in the standard Registrant/Registrar/Registry model when the operator of a zone is neither the Registrant nor the Registrar for the delegation. Historically the issues have been minor, and limited to difficulty guiding the Registrant through the initial changes to the NS records for the delegation. As this is usually a one-time activity when the operator first takes charge of the zone, it has not been treated as a serious issue.

When the domain uses DNSSEC, it is necessary to make regular (sometimes annual) changes to the delegation, updating DS record(s) in order to track KSK rollover. Under the current model this is prone to delays and errors, as the Registrant must participate in updates to DS records.

This document describes a simple protocol that allows a third party DNS operator to: establish the initial chain of trust (bootstrap DNSSEC) for a delegation; update DS records for a delegation; and remove DS records from a secure delegation. The DNS operator may do these things in a trusted manner, without involving the Registrant for each operation. This same protocol can be used by Registrants to maintain their own domains if they wish.

Authors

Jacques Latour (jacques.latour@cira.ca)
Ólafur Guðmundsson (olafur+ietf@cloudflare.com)
Paul Wouters (paul@nohats.ca)
Matthew Pounsett (matt@conundrum.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)