To: dnsop@cafax.se, dee3@torque.pothole.com
From: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Date: Thu, 02 Dec 1999 22:53:08 -0500
In-reply-to: Your message of "Thu, 02 Dec 1999 19:50:57 EST." <199912030050.TAA10289@clue-store.fugawi.net>
Sender: owner-dnsop@cafax.se
Subject: Re: Last WG call for draft-ietf-dnsop-root-opreq-02.txt.

I believe that experience indicates that confirmation via independent
transmission routes, even if each is "insecure", substantially increases
reliability of the result over a single insecure transmission.

Donald

From: hannigan@fugawi.net
Message-Id: <199912030050.TAA10289@clue-store.fugawi.net>
To: mohta@necom830.hpcl.titech.ac.jp (Masataka Ohta)
Date: Thu, 2 Dec 1999 19:50:57 -0500 (EST)
Cc: Harald@Alvestrand.no, randy@psg.com, liman@sunet.se, dnsop@cafax.se
In-Reply-To: <199912030022.JAA07450@necom830.hpcl.titech.ac.jp> from "Masataka Ohta" at Dec 3, 99 09:22:26 am

>> Harald;
>>
>> > Suggested replacement language:
>> >
>> > "An operator of a root zone server MUST be able to get proof of the
>> > correctness of a zone file from the authority responsible for updating it
>> > by means not involving DNS operations, for example by telephone, fax,
>> > signed email with a trusted signature or other means".
>>
>> No.
>>
>> You are saying that telephone and fax were more secure than unsigned
>> email.
>>
>
>Telephone is secure only in its billing, and fax is only as secure
>as telephony. Caller-ID and other signal messaging functions are
>also not guaranteed.
>
>Anyone could call or fax and say they are someone that they
>are not.
>
>I think this is a little vague for a security measure.
>
>-M
>