Although DNSSEC was formally introduced to the Netherlands in 2012, the transfer of secure domains remained a problem for a long time. After all, when transferring a signed domain, the registrant will normally want to know that the domain will remain secure, not only after the new registrar takes control, but also while the transfer is in progress.
A transfer protocol that made that possible was devised several years ago by Antoin Verschuren, Technical Advisor at SIDN, and has since been standardised by the IETF.
However, the new transfer procedure required the receiving registrar and the releasing registrar to exchange key material: something that SIDN's registry interface didn't support at the time. Last year, a new EPP command was therefore developed: key relay.
Now that PowerDNS — the most widely used DNS server for signed domains — officially supports the publication of external key material, the chain is complete. Signed domains can now be transferred between registrars securely and automatically. In the summer, Monshouwer became the first registrar to implement and use the entire transfer protocol.