To:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, dee3@torque.pothole.com (Donald E. Eastlake 3rd)
Cc:
dnsop@cafax.se, dee3@torque.pothole.com
From:
Harald Tveit Alvestrand <Harald@Alvestrand.no>
Date:
Sun, 05 Dec 1999 16:36:46 +0100
In-Reply-To:
<199912030458.NAA09330@necom830.hpcl.titech.ac.jp>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Last WG call for draft-ietf-dnsop-root-opreq-02.txt.
At 13:57 03.12.99 +0900, Masataka Ohta wrote:
>Donald;
>
> > I believe that experience indicates that confirmation via independent
> > transmission routes, even if each is "insecure", substantially
> > increates reliablity of the result over a single insecure
> > transmission.
>
>Yes. Harald could have said just "email", instead of giving false
>impression that unsigned emails are less secure than telephone
>or fax.
>
> > >> > "An operator of a root zone server MUST be able to get proof of the
> > >> > correctness of a zone file from the authority responsible for
> updating it
> > >> > by means not involving DNS operations, for example by telephone, fax,
> > >> > signed email with a trusted signature or other means".
All I was trying to do was to make what the document said clear.
We already have the document saying that such a communications channel is a
MUST requirement.
If we want the document to require a cryptographically secured non-DNS
channel for verifying the content of a root zone file, and the only one we
can think of at the moment is signed email with preverified keys, we'd
better make sure the document says exactly that.
If we don't want the document to require that, we'd better put in language
that says that this isn't required.
Otherwise we'll be back over this issue in 6 months' time.
Harald A
--
Harald Tveit Alvestrand, EDB Maxware, Norway
Harald.Alvestrand@edb.maxware.no