[ntpwg] [dhcwg] Re: Network Time Protocol (NTP) OptionsforDHCPv6
Ted Lemon
mellon at fugue.com
Mon Nov 26 04:27:14 GMT 2007
On Nov 25, 2007, at 10:15 PM, TS Glassey wrote:
> I was trying to stay as compatible as possible, but yes in the
> Microsoft
> world Service Records (SRV's) are the current manner to do this. The
> problem I see is that SRV's cannot return the key as well as the
> address for
> secured service lookup.
Are you guys seriously proposing using DNSSEC as a way to secure the
keys to NTP? By how many orders of magnitude do you think this
increases the value of the DNS root key?
Based on the messages that I see flying by, with talk of "audit" and
"keys", I don't even understand why we're having this discussion. If
DHCP is the cornerstone of your security model, you are doomed. If
DNSSEC is the cornerstone of your security model, you're putting all
of your eggs in a single basket. It's no wonder we're not converging
here - what you're proposing to do is essentially impossible!
More information about the ntpwg
mailing list