peterthomassen / draft-ietf-dnsop-generalized-notify


Destination for gTLDs? #14

Closed brian-peter-dickson closed 7 months ago

brian-peter-dickson commented 1 year ago

Maybe add a section to discuss the open question of how to direct Notify messages when the TLD is using the RRR model. In RRR, the Registrant is not allowed to communicate directly with the Registry. In other words, the Registrant would need to send the Notify to the Registrar, presumably on some pre-agreed-upon destination IP.

That IP may need to be established on a per-domain basis (not necessarily unique, but also not globally identical for all domains at a given Registrar). The agreement might be done via publishing in DNS, but that does come with some risk for discovery and DOS/abuse.

Thinking out loud, given that the Registrant operates a DNSSEC signed zone and publishes a public key while possessing a private key, the Registrar could theoretically encrypt the information using the Registrant's public key, which would restrict the ability to decrypt the information to only the Registrant. OTOH, that might not scale very well, so it's just a placeholder idea for now. ACLs might work, but similarly have scaling issues.

Some kind of pub/sub thing to allow Registrants to publish information about their Notifier systems, that the Registrar could discover (at scale) might be a method. The Registrant would use some well-known publication point (underscore name), and sign the record (preventing forgery).

Registrar would discover the publication point via polling, and then acknowledge at its own publication point, allowing the Registrant to know it is okay to use the address (however that address is learned.)
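The comment above sketches where a registrant's NOTIFY should land under RRR and how the registrar might restrict who may send it. The following Python is an added example (not code from the draft or its repository) that makes the receiving side concrete: it builds and parses a generalized NOTIFY on the wire (RFC 1996 NOTIFY header, opcode 4, with the question section carrying the zone and the RRtype of interest, as the draft does for CDS/CDNSKEY/CSYNC) and then applies the per-domain ACL idea from the comment at a simulated registrar endpoint. The `RegistrarNotifyReceiver` class, its ACL shape, the decision strings and the sample addresses are assumptions made for this illustration; how the per-domain addresses are learned is left open, exactly as in the thread.

```python
import struct

# Constants from the DNS registries (RFC 1996 opcode; RRtype numbers).
OPCODE_NOTIFY = 4
TYPE_CDS = 59
TYPE_CDNSKEY = 60
TYPE_CSYNC = 62
CLASS_IN = 1
NOTIFY_TYPES = {TYPE_CDS, TYPE_CDNSKEY, TYPE_CSYNC}


def encode_name(name):
    """Wire-encode an absolute domain name without compression."""
    labels = [l for l in name.rstrip('.').split('.') if l]
    return b''.join(bytes([len(l)]) + l.encode('ascii') for l in labels) + b'\x00'


def decode_name(msg, offset):
    """Decode an uncompressed name starting at offset; return (name, new offset)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in question section")
        labels.append(msg[offset:offset + length].decode('ascii'))
        offset += length
    return '.'.join(labels) + '.', offset


def build_notify(zone, rrtype=TYPE_CDS, msg_id=0x1234):
    """Build a NOTIFY message: QR=0, opcode NOTIFY, AA set, one question (zone, rrtype)."""
    flags = (OPCODE_NOTIFY << 11) | 0x0400
    header = struct.pack('!HHHHHH', msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack('!HH', rrtype, CLASS_IN)


def parse_notify(msg):
    """Parse the header and the single question of a NOTIFY; raise ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("short message")
    msg_id, flags, qdcount, _, _, _ = struct.unpack('!HHHHHH', msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    zone, off = decode_name(msg, 12)
    if len(msg) < off + 4:
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack('!HH', msg[off:off + 4])
    return {'id': msg_id, 'opcode': (flags >> 11) & 0xF,
            'zone': zone.lower(), 'qtype': qtype, 'qclass': qclass}


class RegistrarNotifyReceiver:
    """Hypothetical registrar-side NOTIFY endpoint with a per-domain source ACL.

    `acl` maps a delegated zone to the set of source addresses its registrant's
    notifier may use. Where those addresses come from (pre-agreement, or a signed
    record the registrar polls) is outside this example.
    """

    def __init__(self, acl):
        self.acl = {zone.lower(): set(addrs) for zone, addrs in acl.items()}

    def evaluate(self, wire, src_ip):
        """Return (decision, reason) for one inbound datagram from src_ip."""
        try:
            n = parse_notify(wire)
        except ValueError as exc:
            return 'drop', f'malformed: {exc}'
        if n['opcode'] != OPCODE_NOTIFY:
            return 'drop', 'not a NOTIFY'
        if n['qclass'] != CLASS_IN or n['qtype'] not in NOTIFY_TYPES:
            return 'refused', 'unsupported question'
        allowed = self.acl.get(n['zone'])
        if allowed is None:
            return 'refused', 'zone not managed at this registrar'
        if src_ip not in allowed:
            return 'refused', 'source not in per-domain ACL'
        return 'accept', n['zone']


if __name__ == '__main__':
    # Constructed sample: one delegated zone whose notifier lives at 192.0.2.10 (assumed).
    rcv = RegistrarNotifyReceiver({'example.com.': ['192.0.2.10']})
    wire = build_notify('example.com.')
    print(rcv.evaluate(wire, '192.0.2.10'))       # accepted
    print(rcv.evaluate(wire, '198.51.100.7'))     # wrong source for this zone
    print(rcv.evaluate(build_notify('other.example.'), '192.0.2.10'))
```

The per-zone keying is the point: a single global allow-list at the registrar would let any registrant's notifier send for any other registrant's zone, which is the scaling and abuse concern the comment raises.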

johanix commented 1 year ago

Hi Brian,

I agree that this is something that warrants careful thought. However, my feeling is that the discussion must happen in the working group. I.e., while agreeing with you, I think we should defer this until the document has been adopted (assuming it will be).

Johan Stenstam

peterthomassen commented 1 year ago

> how to direct Notify messages when the TLD is using the RRR model. In RRR, the Registrant is not allowed to communicate directly with the Registry. In other words, the Registrant would need to send the Notify to the Registrar, presumably on some pre-agreed-upon destination IP.
>
> That IP may need to be established on a per-domain basis

For reference, this draft from 2013 has a section on a related problem: https://datatracker.ietf.org/doc/html/draft-andrews-dnsop-update-parent-zones-04#section-7

But I agree with Johan that we should see what the WG thinks before adding complexity to the document.