[gtld-tech] RDAP zoneSigned flag
Michael Bauland
Michael.Bauland at knipp.de
Thu Mar 28 15:16:20 UTC 2019
Hi Scott,
On 28.03.2019 15:35, Hollenbeck, Scott wrote:
> Speaking as one of the authors of RFC 7483: delegationSigned is for the parent and zoneSigned is for the subject domain. If the parent has DS records, we know that the subject domain _should_ be signed. For what it's worth, neither of us authors feels that text is really clear.
Thanks for your answer. Let's take an example to make sure I understood
you correctly:
I'm the registry for .example. The zone test.example is registered and
the registrar provided DS records.
If someone now uses my RDAP server and inquires test.example, I return
delegationSigned = true, because I know that DS records for text.example
exist. So far so clear.
For zoneSigned I see two possibilities:
1. I also return zoneSigned=true, because I assume that test.example is
signed.
2. I don't publish zoneSigned, because I don't know for sure, whether
the zone is signed.
In Case 1 delegationSigned and zoneSigned will always have the same
value, so there's no real benefit in publishing both.
As a consequence, as a registry I would say I always ignore zoneSigned
and don't publish it.
The only real use case for zoneSigned is, if I am a registrar and also
run the DNS service for my customer. Only then do I know for sure
whether the zone is signed or not.
Cheers,
Michael
--
____________________________________________________________________
| |
| knipp | Knipp Medien und Kommunikation GmbH
------- Technologiepark
Martin-Schmeisser-Weg 9
44227 Dortmund
Germany
Dipl.-Informatiker Fon: +49 231 9703-0
Fax: +49 231 9703-200
Dr. Michael Bauland SIP: Michael.Bauland at knipp.de
Software Development E-mail: Michael.Bauland at knipp.de
Register Court:
Amtsgericht Dortmund, HRB 13728
Chief Executive Officers:
Dietmar Knipp, Elmar Knipp
More information about the gtld-tech
mailing list