

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
CC: Alain Durand <Alain.Durand@sun.com>, dnsop@cafax.se, rdroms@cisco.com
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Thu, 17 Jul 2003 19:14:25 +0859 ()
In-Reply-To: <200307161756.h6GHu1of046429@givry.rennes.enst-bretagne.fr> from Francis Dupont at "Jul 16, 2003 07:56:01 pm"
Sender: owner-dnsop@cafax.se
Subject: Re: proposal for a compromise on DNS discovery

Francis.Dupont@enst-bretagne.fr;

>    > => all the crypto things I know are valid only at limited amount
>    > of time.
>    
>    How many of the crypto things you know can be autoconfigured?
>    
> => my answer to the proper question "how many of devices which
> can be autoconfigured and don't use any crypto thing I know?"
> is none for recent (i.e., in this century) devices.

Yours is an improper question.

Using autoconfiguration on non-crypto things is fine.

However, devices using crypto things are secure only if they do not use
autoconfiguration of the crypto thing.

Answer the question.

>    > In fact the military measure of a secret is the duration
>    > one can expect it will remain secret. So as soon as there is
>    > some kind of security involved in the network (and it should be :-),
>    
>    So, it should be noted that root keys must also be periodically
>    configured.
>    
> => so it should be noted that nothing may stay valid forever, even
> root keys.
> 

That's how security needs manual configuration.

							Masataka Ohta