[ntpwg] [dhcwg] DNSSEC in names vs. numbers for NTP server information in DHCP
David W. Hankins
David_Hankins at isc.org
Wed Nov 28 17:11:43 GMT 2007
On Wed, Nov 28, 2007 at 01:42:55AM +0100, Shane Kerr wrote:
> It seems like we have to provide IP addresses for NTP servers for this reason.
IP addresses are no more innately secure than non-DNSSEC'd domain
names.
So I don't see how this is different from disabling DNSSEC validation
until the clock is synchronized to the man in the middle.
--
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
--
David W. Hankins "If you don't do it right the first time,
Software Engineer you'll just have to do it again."
Internet Systems Consortium, Inc. -- Jack T. Hankins
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ntp.org/pipermail/ntpwg/attachments/20071128/bbdc9943/attachment.bin
More information about the ntpwg
mailing list