[dnssec-coord] TLD's/Registrars interested in Automated CDS/CDNSKEY with CDS0 support
olafur at cloudflare.com
Fri Aug 31 13:00:59 PDT 2018
This is great and I like your aggressive acceptance policy.
sent from phone
On Wed, Aug 29, 2018, 18:41 Oli Schacher <oli.schacher at switch.ch> wrote:
> SWITCH is implementing RFC7344 / RFC8078 support for .ch and .li
> Our current acceptance criteria for initial trust are:
> - Must publish CDS ( we ignore CDNSKEY )
> - Must publish static CDS RRSET for at least three consecutive days
> - CDS RRSET must be consistent on all glue NS IPs
> - Zone must validate using the new DS RRSET
> The scan runs daily and performs all requests over TCP. Also the scan is
> performed from two locations and the initial trust is only considered if
> both locations return the same CDS rrset. "Consecutive days" only count
> if the scan ran successfully. Changes to the DS over EPP have preference
> and reset all CDS processing counters.
> SWITCH DNS Operations
> dnssec-coord mailing list
> dnssec-coord at elists.isoc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dnssec-coord