-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Mon, 2019-02-25 at 17:04 +1100, Mark Andrews wrote:
I would also note that a organisation can deploy RFC 5011 for their own zones and have their own equipment use DNSKEYs managed using RFC 5011 for their own zones. This isolates the organisation's equipment from the parent zone's management practices.
I want a registrar that can use TOTP 2fa for updates, but that interferes with automated KSK key rollovers. Are there any registrars that use rfc5011 to allow automated KSK key rollovers, combined with TOTP 2fa for web based updates like the initial transition to a secure zone, NS record changes, etc.? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlx1aWgACgkQL6j7milTFsF9mACfVIXUZNLTOEyzbjneuZDeIBEg 2GUAnjoWsNZXtu0PgTuTvPwK0Je9DpCG =nZy7 -----END PGP SIGNATURE-----