From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mcr@sandelman.ca>
Received: from relay.sandelman.ca (relay.cooperix.net [67.23.6.41])
	by huchra.bufferbloat.net (Postfix) with ESMTP id C5687200A76
	for <cerowrt-devel@lists.bufferbloat.net>;
	Tue, 21 Aug 2012 13:45:57 -0700 (PDT)
Received: from sandelman.ca (24-139-16-154.eastlink.ca [24.139.16.154])
	by relay.sandelman.ca (Postfix) with ESMTPS id B13BD8659;
	Tue, 21 Aug 2012 16:40:51 -0400 (EDT)
Received: from sandelman.ca (quigon.sandelman.ca [127.0.0.1])
	by sandelman.ca (Postfix) with ESMTP id DE8EECA0CB;
	Mon, 20 Aug 2012 19:19:27 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: cerowrt-devel@lists.bufferbloat.net
In-reply-to: <CAC938DiarPg3OHOtPO1T8+LeG_jux526btzT1MGoBT4VKhSmgA@mail.gmail.com>
References: <CAA93jw50MeqWH6TVKditFGfg-V-mOi-UUtsABqd+WHs2vedHQw@mail.gmail.com>
	<502E064C.50305@etorok.net>
	<CAA93jw6JGFb9Eqh9tTdy2DY6fsNDDKpq391JQqirezoU4aJCSQ@mail.gmail.com>
	<502E9609.5040800@etorok.net>
	<CAA93jw4-Arc7U+ZCMpuYY1HsqucwQ-jHFMc6iwDRk_fp+8xWPQ@mail.gmail.com>
	<9246.1345321014@sandelman.ca>
	<alpine.DEB.2.02.1208201315540.23568@asgard.lang.hm>
	<CAC938DiarPg3OHOtPO1T8+LeG_jux526btzT1MGoBT4VKhSmgA@mail.gmail.com>
Comments: In-reply-to George Lambert <marchon@gmail.com>
	message dated "Mon, 20 Aug 2012 16:41:48 -0400."
X-Mailer: MH-E 8.3; nmh 1.3; XEmacs 21.4 (patch 22)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 20 Aug 2012 19:19:27 -0400
Message-ID: <19070.1345504767@sandelman.ca>
Sender: mcr@sandelman.ca
Subject: Re: [Cerowrt-devel] cerowrt 3.3.8-17: nice latency improvements,
	some issues with bind
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2012 20:45:58 -0000

--=-=-=


>>>>> "George" == George Lambert <marchon@gmail.com> writes:
    George> Check and set the time by syncing to NTP Servers - not user supplied times
    George> if the network
    George> is available. to see if they have set times > those set by NTP Server

    George> http://tf.nist.gov/tf-cgi/servers.cgi

    George> The global address *time.nist.gov* is resolved to all of the server
    George> addresses below in a round-robin sequence to equalize the load across all
    George> of the servers.

Good idea, but you need DNS to find that server, and you need
time to do DNSSEC.

If the time is set years into the future, then DNSSEC may also fail, as
the signatures would be too old.   Accepting that might be a problem.

If the time can be set like this by an operator, then there is a
problem, and an operator will have to deal with it.  It's best to stick
to what we can do automatically.

--
Michael Richardson
-at the cottage-


--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAABAgAGBQJQMsX+AAoJEKD0KQ7Gj3P2BW4H/2WX+CqdGRsssudVZuo361O/
2OUYuaPjlKDgd8wneqeniMJ2T7lNd59V+ERT0iQaAPIa7dLBqBPWlFuK77FrFh3w
PnWP70tQp9mGwQ7UMBy9IUrfqRwF4r8VNCC2BwPvJ/6Kro3kbMwd7Cv9OPnjaO/Z
FPB1SMVPKXSp3Eke7JryZlu2M8SMkX/Vk8W8yR/jQhwHXU3hwRazaRkEu7fq2Pbr
l3nioR3aS4fc1RFwuAR14qCaXUanfnrQoYaUNlEWDRObYNpl995qkJZSn7DU5ZiL
Fcn0p8Vcc0pYR5/0Gpftcg+ovrPLP3bZSUldnWWtsr6ML2vDSWNX9ZIVcnVitmg=
=618z
-----END PGP SIGNATURE-----
--=-=-=--