From mboxrd@z Thu Jan 1 00:00:00 1970
From: Valdis.Kletnieks@vt.edu
To: Chuck Anderson
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] DNSSEC & NTP Bootstrapping
Date: Mon, 24 Mar 2014 09:54:47 -0400
Message-ID: <230052.1395669287@turing-police.cc.vt.edu>
In-Reply-To: Your message of "Mon, 24 Mar 2014 08:29:16 -0400." <20140324122915.GP7867@angus.ind.WPI.EDU>
References: <8738i9rwrx.fsf@alrua-x1.karlstad.toke.dk> <12727.1395614516@sandelman.ca> <87txanj4sz.fsf@alrua-x1.karlstad.toke.dk> <20140324122915.GP7867@angus.ind.WPI.EDU>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1395669287_1994P"; micalg=pgp-sha1; protocol="application/pgp-signature"

--==_Exmh_1395669287_1994P
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

On Mon, 24 Mar 2014 08:29:16 -0400, Chuck Anderson said:

> How about writing an RFC to define a well-known NTP anycast address
> and using that as a fallback? This is a problem that needs to be
> solved for the larger internet community, not just CeroWRT/OpenWRT.

Using a well-known anycast address for NTP is somewhat problematic for
security. It's possible to secure anycast DNS using DNSSEC - but the NTP
crypto isn't suitable for securing an anycast mode.

Fortunately, for many use cases, we can probably rely on the upstream
provider to hand us an NTP server address in a DHCP extension. If you're
willing to trust the *rest* of that DHCP response, you may as well trust
the NTP server it points you at.

I admit not having a clever idea for the non-DHCP case though...

--==_Exmh_1395669287_1994P--