On Mon, 31 Jan 2011, John Bashinski wrote:

> > A validator must confirm that its local clock is sufficiently
> > accurate before trust anchors can be established, and before
> > processing of DNSSEC signatures can proceed.
>
> How?

There are two possibilities here: you can't reach a time server because of
some screwup, or someone is deliberately lying to you about the time.

The latter for DNSSEC is a denial of service attack, and the other network
comms in the bootstrap process are similarly vulnerable to DoS.

I agree it is a concern but I'm not sure it needs to cause angst.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
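
Added example, not part of the original message: a sketch of the RRSIG validity-window check (RFC 4034 section 3.1.5, with serial-number arithmetic per RFC 1982), showing how a wrong local clock makes a validator reject signatures that are currently valid. The timestamps, the function names and the `skew` tolerance are constructed for illustration.

```python
from datetime import datetime, timezone

def unix(text):
    """Convert YYYYMMDDHHmmSS (RRSIG presentation form, UTC) to Unix seconds."""
    dt = datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())

def serial_lt(a, b):
    """RFC 1982 'a < b' on 32-bit serial numbers (RRSIG times wrap mod 2**32)."""
    return a != b and ((b - a) & 0xFFFFFFFF) < 0x80000000

def check_window(inception, expiration, now_unix, skew=0):
    """Classify an RRSIG validity window against the validator's clock.

    skew is a tolerance in seconds; it is a local policy knob assumed here,
    not something the message above specifies.
    """
    inc = unix(inception) & 0xFFFFFFFF
    exp = unix(expiration) & 0xFFFFFFFF
    if serial_lt((now_unix + skew) & 0xFFFFFFFF, inc):
        return "not-yet-valid"   # clock is behind the inception time
    if serial_lt(exp, (now_unix - skew) & 0xFFFFFFFF):
        return "expired"         # clock is past the expiration time
    return "ok"

# Constructed sample signature window (not taken from any real zone).
INCEPTION, EXPIRATION = "20110120000000", "20110219000000"

def demo():
    """Same signature, three different local clocks."""
    clocks = {
        "accurate clock": unix("20110131120000"),
        "RTC reset to epoch": 0,
        "time source lying, +1 year": unix("20120131120000"),
    }
    return {name: check_window(INCEPTION, EXPIRATION, now)
            for name, now in clocks.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} -> {verdict}")
```

In both wrong-clock cases the signature is rejected, so every answer from the signed zone fails validation.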
