To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Cc: mohta@necom830.hpcl.titech.ac.jp, dee3@torque.pothole.com, dnsop@cafax.se
From: Harald Tveit Alvestrand <Harald@Alvestrand.no>
Date: Mon, 06 Dec 1999 08:09:35 +0100
In-Reply-To: <199912060045.JAA10188@necom830.hpcl.titech.ac.jp>
Sender: owner-dnsop@cafax.se
Subject: Re: Last WG call for draft-ietf-dnsop-root-opreq-02.txt.

At 09:45 06.12.99 +0900, Masataka Ohta wrote:
>Harald;
>
> > >Yes. Harald could have said just "email", instead of giving false
> > >impression that unsigned emails are less secure than telephone
> > >or fax.
>
> > If we want the document to require a cryptographically secured non-DNS
> > channel for verifying the content of a root zone file, and the only one we
> > can think of at the moment is signed email with preverified keys, we'd
> > better make sure the document says exactly that.
>
>Be consistent.
>
>Or, are you saying phone or fax, which you mentioned with signed email,
>cryptographically secured?
>
>Weasel wording is not effective on me.

I have not stated the security characteristics of email, fax or phone.
Merely that they are out of band from the DNS transfer.

My personal opinion is that an attacker who has managed to damage a zone 
transfer is more likely to be able to damage your unsigned email than to be 
able to damage your phone conversations.

That does not make an ordinary phone "secure" in a cryptographic sense.

I'll stop replying to your mails on this subject now, Ohta.

                          Harald A

--
Harald Tveit Alvestrand, EDB Maxware, Norway
Harald.Alvestrand@edb.maxware.no

