ietf
[Top] [All Lists]

Re: Practical issues deploying DNSSEC into the home.

2013-09-10 11:47:40
Hi Jim,
At 08:55 10-09-2013, Jim Gettys wrote:
We uncovered two practical problems, both of which need to be solved to enable full DNSSEC deployment into the home:

1) DNSSEC needs to have the time within one hour. But these devices do not have TOY clocks (and arguably, never will, nor even probably should ever have them).

So how do you get the time after you power on the device? The usual answer is "use ntp". Except you can't do a DNS resolve when your time is incorrect. You have a chicken and egg problem to resolve/hack around :-(.

That problem has been bothering me for a while. There can be a leap of faith at startup to get the correct time. DNSSEC can be done after that.

Regards,
-sm