

To: Randy Bush <randy@psg.com>, Lars-Johan Liman <liman@sunet.se>
Cc: dnsop@cafax.se
From: Harald Tveit Alvestrand <Harald@Alvestrand.no>
Date: Thu, 02 Dec 1999 10:19:23 +0100
In-Reply-To: <E11tC0R-000Nz8-00@rip.psg.com>
Sender: owner-dnsop@cafax.se
Subject: Re: Last WG call for draft-ietf-dnsop-root-opreq-02.txt.

At 07:49 01.12.99 -0800, Randy Bush wrote:

>
>          3.3.3 Transfer of the root zone between root servers MUST be
>!              authenticated and be as secure as reasonably possible.  Out
>!              of band security validation of updates MUST be supported.
>
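
Review bot: In the first changed line of 3.3.3, "MUST be authenticated and be as secure as reasonably possible" attaches a MUST to a phrase that cannot be tested for conformance, and the second changed sentence uses "updates" and "out of band" without saying what either covers. Suggest stating what kind of authentication satisfies the first MUST, and defining in the second sentence what an update is and which channel counts as out of band, so that an operator can tell whether a given transfer setup complies.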

I don't understand what the second sentence means, which may mean that I 
didn't listen carefully enough, or that another sentence is needed.

I assume that "Update" in this context means copying a changed version of 
the root zone from one root server to another, since the actual changing of 
the root zone is not dealt with in this paragraph.

I assume also that "out of band" means "by means not part of the Update 
transaction itself". Does this mean that signed AXFR or FTP transfer of PGP 
signature files is not enough?
(If not, what is?)

Or does it mean that signed files with out of band exchange of keys 
(exchange of document cases at midnight) is the Right Thing?

(I found the rest of the changes to be really sensible and informative, BTW)

                        Harald
                       ignorant
--
Harald Tveit Alvestrand, EDB Maxware, Norway
Harald.Alvestrand@edb.maxware.no

