On 10/13/2011 04:41 PM, Curtis Villamizar wrote:
> In message <[email protected]>
> Michael Richardson writes:
>
>>>>>>> "Curtis" == Curtis Villamizar <[email protected]> writes:
>> >> While talking about hardware. These devices all need a
>> >> battery backed clock or all the crypto will be broken.
>>
>>
>> Curtis> Having a clock is not hard but I don't think your statement
>> Curtis> is true.
>>
>> Curtis> Some crypto does not require time, but rather just entropy
>> Curtis> (a nonce or challenge). For crypto that does require time
>> Curtis> the former can be a bootstrap of sorts, possibly to get ntp
>> Curtis> going if very accurate time is needed (for some reason).
>>
>> Curtis, Mark, as a DNSSEC implementer knows of what he speaks. DNSSEC
>> requires time. Not to the second or even minute, but at least hour.
>>
>> DNSSEC is a core protocol at this point, and we need to be aware of
>> it. It doesn't matter today, because we have a broken home DNS
>> system, but that's within homenet to fix.
>>
>> Bootstrapping time enough to get DNSSEC to work is important.
>
> I was thinking routing protocols and KARP.
>
> We are talking about routers and relying on DNS to get routing up is
> always a really bad idea. Relying on NTP to get routing up is also a
> bad idea.
>
> Neither KARP, as defined, nor DNSSEC, are candidates for zero
> configuration. If the user can configure KARP and DNSSEC they are
> perfectly capable of using a backdoor, like ssh, to set the time of
> day after a reboot that lost time-of-day.
>
> Sorry, but I lost track of why this is an issue for homenet. What
> zero config crypto are we talking about that may care if it loses time
> of day?
>
DNSSEC.
And as routers are already being attacked, getting DNSSEC secure
end-to-end seems like the right strategy.
- Jim
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
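
An added example, not part of the thread or of any poster's message: the RRSIG validity-window check that ties DNSSEC validation to the validator's clock, with RFC 4034 32-bit timestamps compared using RFC 1982 serial number arithmetic. The signature dates, the clock values and the `skew` tolerance parameter are constructed for illustration.

```python
import calendar
import time

HALF = 1 << 31          # RFC 1982 comparison window for 32-bit serials
MASK = 0xFFFFFFFF

def rrsig_time(text):
    """RRSIG presentation timestamp (YYYYMMDDHHmmSS, UTC) -> 32-bit seconds."""
    return calendar.timegm(time.strptime(text, "%Y%m%d%H%M%S")) & MASK

def serial_lt(a, b):
    """True if a precedes b under RFC 1982 serial number arithmetic."""
    return a != b and ((b - a) & MASK) < HALF

def check_rrsig_window(now, inception, expiration, skew=0):
    """Classify the validator clock `now` against one signature's window.

    `skew` (seconds) is a hypothetical tolerance knob for this example.
    """
    if serial_lt((now + skew) & MASK, inception):
        return "not-yet-valid"
    if serial_lt(expiration, (now - skew) & MASK):
        return "expired"
    return "valid"

if __name__ == "__main__":
    # Constructed signature window: 30 days around the date of the thread.
    inc = rrsig_time("20111001000000")
    exp = rrsig_time("20111031000000")
    clocks = {
        "correct clock": rrsig_time("20111013164100"),
        "reset to epoch after power loss": 0,
        "stuck at factory build date": rrsig_time("20100101000000"),
        "running seven weeks fast": rrsig_time("20111201000000"),
    }
    for label, now in clocks.items():
        print(f"{label:34s} {check_rrsig_window(now, inc, exp)}")
```

A router whose clock falls outside the window rejects every signature in the chain, so the failure looks like a total DNS outage rather than a single bad record.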