In message <[email protected]> Jim Gettys writes: > > > > Sorry, but I lost track of why this is an issue for homenet. What > > zero config crypto are we talking about that may care if it loses time > > of day? > > > DNSSEC. > > And as routers are already being attacked, getting DNSSEC secure > end-to-end seems like the right strategy. > - Jim
Trimmed response. I don't follow the logic here. I don't see any relationship between "routers are already being attacked" and DNSSEC. The homenet user is not going to get DNS or DNSSEC configured for the LAN addresses on their network so I'm not sure why the topic is even relevant to homenet. Back in the days when I was involved in big-I Internet operations routers purposely didn't run rely on DNS to avoid a chicken and egg problem (router can't reach DNS therefore routing is down). Even logs used IP addresses and could be translated after the fact if need be. I'm quite knowledgeable in routers getting attacked. The homenet routing protocol would be wise to use GTSM on things like OSPF. Open routing on wireless might still be a bad idea. Maybe keys or shared secret has to be added for wireless making it non-zero config. Curtis _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
