I also don't consider the ntp/dnssec issue a blocker, not at the moment. It's a larger problem to solve, and one that needs solving in a wider context than just CeroWRT, and so we should keep working on a solution, but not make it a "release blocking" issue. It's a known issue, a known bit of research to continue chiseling away it, but not a major blocker.
Especially since we can always switch to raw-ip addresses for the ntp servers, as a workaround. But I like some of the workarounds suggested such as starting secure, and then slowly ratching down the security as things fail. So long as we don't expose a way to cripple the unit, or otherwise coerce it into misbehavior, I think we'll find a solution along those routes. -Aaron On Wed, Mar 26, 2014 at 5:42 AM, <[email protected]> wrote: > On Tue, 25 Mar 2014 20:41:53 -0700, Dave Taht said: > > > I'm still at a loss as to the most correct way to bring up dnssec. > > Don't sweat it too much - nobody else in the security business knows > how to do it either. :) DNSSEC has even less uptake than IPv6.... > > _______________________________________________ > Cerowrt-devel mailing list > [email protected] > https://lists.bufferbloat.net/listinfo/cerowrt-devel > >
_______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
