On 10/13/2011 06:15 PM, Curtis Villamizar wrote:
> In message <[email protected]>
> Jim Gettys writes:
>>> Sorry, but I lost track of why this is an issue for homenet. What
>>> zero config crypto are we talking about that may care if it loses time
>>> of day?
>>>
>> DNSSEC.
>>
>> And as routers are already being attacked, getting DNSSEC secure
>> end-to-end seems like the right strategy.
>> - Jim
>
> Trimmed response.
>
> I don't follow the logic here.
>
> I don't see any relationship between "routers are already being
> attacked" and DNSSEC.
>
> The homenet user is not going to get DNS or DNSSEC configured for the
> LAN addresses on their network so I'm not sure why the topic is even
> relevant to homenet.
Why not? Plug in a named computer, and publish it's name into the global
DNS... Proof of principle was demonstrated by Dave Taht and Evan Hunt
when they brought up
bind on CeroWrt even if it isn't in today's CeroWrt build. It isn't
that hard...
>
> Back in the days when I was involved in big-I Internet operations
> routers purposely didn't run rely on DNS to avoid a chicken and egg
> problem (router can't reach DNS therefore routing is down). Even logs
> used IP addresses and could be translated after the fact if need be.
>
> I'm quite knowledgeable in routers getting attacked. The homenet
> routing protocol would be wise to use GTSM on things like OSPF. Open
> routing on wireless might still be a bad idea. Maybe keys or shared
> secret has to be added for wireless making it non-zero config.
Could be. I have no clue what the community networking people are doing
about routing protocol security in OLSR or other protocols. I certainly
*hope* they are doing something, as some of their networks are now in
the hundreds or even thousands of nodes...
- Jim
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
