On Wed, 11 Sep 2013, Olafur Gudmundsson wrote:
I think you can avoid that issue by having the device not pass traffic
until the DNSSEC validation is enabled. Only the device needs the special
permissive handling for this to work.
You mean only allow NTP and DNS traffic in the beginning, until checks are done?
In many cases we can get a reasonable time by writing the current time to an
NVRAM variable every 6 hours or so, but that only helps for reboot.
And if you think of laptop and/or phone, add "hotspot detection" to this
isolation mode. It's harder because it needs a "private browser window"
type state.
Paul