To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
cc: Alain Durand <Alain.Durand@Sun.COM>, dnsop@cafax.se, rdroms@cisco.com
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Wed, 16 Jul 2003 17:00:42 +0200
In-reply-to: Your message of Wed, 16 Jul 2003 21:28:45 +0859. <200307161229.VAA06457@necom830.hpcl.titech.ac.jp>
Sender: owner-dnsop@cafax.se
Subject: Re: proposal for a compromise on DNS discovery

 In your previous mail you wrote:

   Alain;

   Before trying to compromise, can you, at least, clarify
   your requirement?

   > - DHCPv6 can also pass the address of the NTP server

   I think NTP configuration is obsoleted.

=> all the crypto things I know are valid only for a limited amount of
time. In fact the military measure of a secret is the duration one can
expect it will remain secret. So as soon as there is some kind of
security involved in the network (and it should be :-), it is critical
to have a good and secure source of the current date. The protocol which
provides this is NTP: it synchronizes all boxes (i.e., all boxes have
the same time) and with a good reference it can synchronize all boxes
to the right time.

Therefore NTP is a part of the initial service discovery stuff (IMHO
this has nothing to do in the dnsop WG as it can't be restricted to
DNS server discovery, but the IPv6 WG already tried to solve the whole
issue and failed...).

Regards

Francis.Dupont@enst-bretagne.fr

PS: NTP is very useful for management too, an argument I used many (~10)
years ago when I was at the head of the RIPE DNS TF to recommend to make
all routers (the active equipment at this time) NTP clients or peers.

PPS: Obviously there is a bootstrap problem with secure NTP.