On 26 Oct 2013, at 12:59, Masataka Ohta <mo...@necom830.hpcl.titech.ac.jp> wrote:
> a serious vulnerability of, so called, DNSSEC is lack of secure time. > some security novices innocently believed GPS time were automagically secure. > That is, so far, there is no way to have really secure DNSSEC. Rubbish! If good timekeeping matters so much to DNSSEC, there are plenty of sources of reliable time. For most people, NTP will be good enough. The paranoid might choose Secure NTP. The really paranoid will have multiple time sources other than GPS: eg the radio clocks operated by many national standards institutes and/or the EU, Russian and Chinese(?) equivalents of GPS. The really, really paranoid will operate their own atomic clocks. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop