To:
Alain Durand <Alain.Durand@Sun.COM>
Cc:
dnsop@cafax.se
From:
Brad Knowles <brad.knowles@skynet.be>
Date:
Tue, 15 Jul 2003 23:53:57 +0200
In-Reply-To:
<8DE727E2-B697-11D7-83E1-00039358A080@sun.com>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Stepping back on the DNS discovery discussion
At 12:40 AM -0700 2003/07/15, Alain Durand wrote:
> That is, if there is already a mechanism to broadcast NTP
> timestamp on the local network, this may be a good enough solution.
NTP can be spoofed. How can you know whether or not to trust it?
IMO, that requires some configuration -- either automatic, or manual.
If the latter, you look in a file that tells you which servers to
trust. Even that can be spoofed, unless you use cryptographic
authentication. If automatic, then you have to have a way to get
authoritative configuration information that can be trusted.
This can be a bit of a chicken-vs-egg problem. DHCP may or may
not be the best way to hand out NTP configuration information, but it
would seem to be one reasonable approach. I'm sure there are others.
However, before going too far down the NTP rathole in a WG
supposedly devoted to the DNS, I would encourage involving other
contributors from ntp.org in this discussion, especially Harlan
Stenn. I'm a contributor myself, but I just run the mail system and
the mailing lists, and I'm not that intimate with the internals of
NTP itself.
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.