> > The paper suggests the compromise of critical infrastructure. So, besides > > not using NTP, why not stop using DNS ? Just populate a hosts file with all > > you need. > > Well DNS can be cryptographically secured. There really isn’t any good > reasons to not sign your zones today. The majority of responses from > authoritative servers are validated today so if you sign the responses will > be checked. Unfortunately most to those validations still result in insecure > instead of secure because people are not signing their zones.
So does NTP, with NTS. https://datatracker.ietf.org/doc/html/rfc8915 Rubens
