[gtld-tech] RDAP zoneSigned flag
shollenbeck at verisign.com
Thu Mar 28 15:21:22 UTC 2019
Your clarification certainly sounds reasonable.
> -----Original Message-----
> From: Michael Bauland <Michael.Bauland at knipp.de>
> Sent: Thursday, March 28, 2019 11:16 AM
> To: Hollenbeck, Scott <shollenbeck at verisign.com>; gtld-tech at icann.org
> Subject: [EXTERNAL] Re: [gtld-tech] RDAP zoneSigned flag
> Hi Scott,
> On 28.03.2019 15:35, Hollenbeck, Scott wrote:
> > Speaking as one of the authors of RFC 7483: delegationSigned is for the
> parent and zoneSigned is for the subject domain. If the parent has DS
> records, we know that the subject domain _should_ be signed. For what it's
> worth, neither of us authors feels that text is really clear.
> Thanks for your answer. Let's take an example to make sure I understood
> you correctly:
> I'm the registry for .example. The zone test.example is registered and the
> registrar provided DS records.
> If someone now uses my RDAP server and inquires test.example, I return
> delegationSigned = true, because I know that DS records for text.example
> exist. So far so clear.
> For zoneSigned I see two possibilities:
> 1. I also return zoneSigned=true, because I assume that test.example is
> 2. I don't publish zoneSigned, because I don't know for sure, whether the
> zone is signed.
> In Case 1 delegationSigned and zoneSigned will always have the same value,
> so there's no real benefit in publishing both.
> As a consequence, as a registry I would say I always ignore zoneSigned and
> don't publish it.
> The only real use case for zoneSigned is, if I am a registrar and also run the
> DNS service for my customer. Only then do I know for sure whether the zone
> is signed or not.
> | |
> | knipp | Knipp Medien und Kommunikation GmbH
> ------- Technologiepark
> Martin-Schmeisser-Weg 9
> 44227 Dortmund
> Dipl.-Informatiker Fon: +49 231 9703-0
> Fax: +49 231 9703-200
> Dr. Michael Bauland SIP: Michael.Bauland at knipp.de
> Software Development E-mail: Michael.Bauland at knipp.de
> Register Court:
> Amtsgericht Dortmund, HRB 13728
> Chief Executive Officers:
> Dietmar Knipp, Elmar Knipp
More information about the gtld-tech