In message <[email protected]>
Michael Richardson writes:
>
> >>>>> "Curtis" == Curtis Villamizar <[email protected]> writes:
>
>     >> While talking about hardware. These devices all need a
>     >> battery backed clock or all the crypto will be broken.
>
>     Curtis> Having a clock is not hard but I don't think your statement
>     Curtis> is true.
>
>     Curtis> Some crypto does not require time, but rather just entropy
>     Curtis> (a nonce or challenge). For crypto that does require time
>     Curtis> the former can be a bootstrap of sorts, possibly to get ntp
>     Curtis> going if very accurate time is needed (for some reason).
>
> Curtis, Mark, as a DNSSEC implementer knows of what he speaks. DNSSEC
> requires time. Not to the second or even minute, but at least hour.
>
> DNSSEC is a core protocol at this point, and we need to be aware of
> it. It doesn't matter today, because we have a broken home DNS
> system, but that's within homenet to fix.
>
> Bootstrapping time enough to get DNSSEC to work is important.

I was thinking routing protocols and KARP. We are talking about
routers and relying on DNS to get routing up is always a really bad
idea. Relying on NTP to get routing up is also a bad idea.

Neither KARP, as defined, nor DNSSEC are candidates for zero
configuration. If the user can configure KARP and DNSSEC they are
perfectly capable of using a backdoor, like ssh, to set the time of
day after a reboot that lost time-of-day.

Sorry, but I lost track of why this is an issue for homenet. What
zero config crypto are we talking about that may care if it loses
time of day?

Curtis
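
Added example, not part of the thread and not any participant's code: the time dependence of DNSSEC discussed above comes from the signature validity window (inception and expiration, 32-bit seconds compared with serial number arithmetic) that a validator checks against its own clock. The window dates and clock scenarios below are constructed sample values.

```python
from datetime import datetime, timezone

MOD = 1 << 32    # RRSIG inception/expiration are 32-bit seconds since the epoch
HALF = 1 << 31


def serial_le(a: int, b: int) -> bool:
    """a <= b under serial number arithmetic (values wrap at 2**32)."""
    return ((b - a) % MOD) < HALF


def rrsig_time_valid(inception: int, expiration: int, now: int) -> bool:
    """True if the validator's clock lies inside the signature window."""
    now %= MOD
    return serial_le(inception, now) and serial_le(now, expiration)


def ts(year, month, day, hour=0):
    """UTC timestamp helper for the constructed sample values."""
    return int(datetime(year, month, day, hour, tzinfo=timezone.utc).timestamp())


# Constructed sample: a signature valid for 14 days.
INCEPTION = ts(2012, 3, 1)
EXPIRATION = ts(2012, 3, 15)


def scenarios():
    """Validation outcome for several router clock states (all constructed)."""
    def check(now):
        return rrsig_time_valid(INCEPTION, EXPIRATION, now)
    return {
        "correct clock": check(ts(2012, 3, 8, 12)),
        "clock off by one hour": check(ts(2012, 3, 8, 13)),
        "clock reset to 1970 after power loss": check(0),
        "clock stuck at an earlier date": check(ts(2011, 6, 1)),
        "clock a month fast": check(ts(2012, 4, 8)),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:40s} {'valid' if ok else 'REJECTED'}")
```

A clock that is wrong by an hour still validates, while a clock that lost time of day across a reboot rejects every signature until it is set again.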
