[Dnssec-deployment] Publishing DS records in WHOIS
Olafur Gudmundsson
ogud at ogud.com
Fri Jul 30 09:58:04 EDT 2010
On 30/07/2010 8:53 AM, Chris Thompson wrote:
> On Jul 29 2010, Jay Daley wrote:
>
>> Does anyone have any view on whether registries should publish
>> DS records in their WHOIS?
>
> It's wrong in principle to publish DS records over a non-secured
> channel. The DS records are signed in the parent, the delegation
> NS records aren't, and this makes the difference.
>
> (Maybe "whois" over https would be acceptable.)
>
I think Chris is correct that publishing the DS them self in whois it
not important.
But on the other hand having the timestamp as to when the
DS was updated last is useful as that shows if a change made it into
the registry.
Olafur
More information about the Dnssec-deployment
mailing list