[gtld-tech] RDAP zoneSigned flag

Hollenbeck, Scott shollenbeck at verisign.com
Thu Mar 28 15:21:22 UTC 2019


Your clarification certainly sounds reasonable.

Scott

> -----Original Message-----
> From: Michael Bauland <Michael.Bauland at knipp.de>
> Sent: Thursday, March 28, 2019 11:16 AM
> To: Hollenbeck, Scott <shollenbeck at verisign.com>; gtld-tech at icann.org
> Subject: [EXTERNAL] Re: [gtld-tech] RDAP zoneSigned flag
>
> Hi Scott,
>
> On 28.03.2019 15:35, Hollenbeck, Scott wrote:
> > Speaking as one of the authors of RFC 7483: delegationSigned is for the
> > parent and zoneSigned is for the subject domain. If the parent has DS
> > records, we know that the subject domain _should_ be signed. For what it's
> > worth, neither of us authors feels that text is really clear.
>
> Thanks for your answer. Let's take an example to make sure I understood
> you correctly:
>
> I'm the registry for .example. The zone test.example is registered and the
> registrar provided DS records.
>
> If someone now uses my RDAP server and inquires test.example, I return
> delegationSigned = true, because I know that DS records for test.example
> exist. So far so clear.
>
> For zoneSigned I see two possibilities:
> 1. I also return zoneSigned=true, because I assume that test.example is
> signed.
> 2. I don't publish zoneSigned, because I don't know for sure whether the
> zone is signed.
>
> In Case 1 delegationSigned and zoneSigned will always have the same value,
> so there's no real benefit in publishing both.
>
> As a consequence, as a registry I would say I always ignore zoneSigned and
> don't publish it.
>
> The only real use case for zoneSigned is if I am a registrar and also run the
> DNS service for my customer. Only then do I know for sure whether the zone
> is signed or not.
>
> Cheers,
>
> Michael
>
> --
> ____________________________________________________________________
>      |       |
>      | knipp |            Knipp  Medien und Kommunikation GmbH
>       -------                    Technologiepark
>                                  Martin-Schmeisser-Weg 9
>                                  44227 Dortmund
>                                  Germany
>
>      Dipl.-Informatiker          Fon:    +49 231 9703-0
>                                  Fax:    +49 231 9703-200
>      Dr. Michael Bauland         SIP:    Michael.Bauland at knipp.de
>      Software Development        E-mail: Michael.Bauland at knipp.de
>
>                                  Register Court:
>                                  Amtsgericht Dortmund, HRB 13728
>
>                                  Chief Executive Officers:
>                                  Dietmar Knipp, Elmar Knipp


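Added example, not part of the thread or of RFC 7483: a sketch of the behaviour discussed above, where a server publishes delegationSigned from the DS records it holds and omits zoneSigned unless it has first-hand knowledge of the zone, and where a client reads both flags as tri-state. The member names come from the RFC 7483 secureDNS object; the function names, the sample DS record and the wording of the assessments are assumptions made for illustration.

```python
# Added example. Member names follow the RFC 7483 secureDNS object;
# function names and the sample DS record are constructed for illustration.

DS_FIELDS = ("keyTag", "algorithm", "digestType", "digest")


def build_secure_dns(ds_records, zone_signed=None):
    """Server side: build the secureDNS object for a domain lookup.

    ds_records  -- DS records held for the delegation (what a registry knows).
    zone_signed -- True/False only if the operator has first-hand knowledge,
                   e.g. it also hosts the zone; None means "unknown".
    """
    secure_dns = {"delegationSigned": bool(ds_records)}
    if ds_records:
        secure_dns["dsData"] = [{f: ds[f] for f in DS_FIELDS} for ds in ds_records]
    if zone_signed is not None:          # unknown -> omit the member, never guess
        secure_dns["zoneSigned"] = zone_signed
    return secure_dns


def assess(secure_dns):
    """Client side: read both flags as tri-state (absent is not False)."""
    delegation = secure_dns.get("delegationSigned")
    zone = secure_dns.get("zoneSigned")
    if delegation and zone is False:
        return "broken: DS at parent but zone unsigned, validators will fail"
    if zone and delegation is False:
        return "unanchored: zone signed but no DS at parent"
    if delegation and zone is None:
        return "delegation signed; zone signing not asserted"
    if delegation and zone:
        return "signed end to end"
    return "unsigned or unknown"


# Constructed sample DS record for test.example (digest is a placeholder).
SAMPLE_DS = [{"keyTag": 12345, "algorithm": 13, "digestType": 2,
              "digest": "00" * 32}]

if __name__ == "__main__":
    import json
    registry_view = build_secure_dns(SAMPLE_DS)                    # registry: DS only
    operator_view = build_secure_dns(SAMPLE_DS, zone_signed=True)  # also hosts the zone
    for view in (registry_view, operator_view):
        print(json.dumps(view), "->", assess(view))
```

The two mismatch cases in `assess` are where the flags carry different information, which only an operator that knows the zone's actual signing state can report.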