From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kevin@darbyshire-bryant.me.uk>
Received: from emea01-am1-obe.outbound.protection.outlook.com
	(mail-am1on0080.outbound.protection.outlook.com [157.56.112.80])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client CN "mail.protection.outlook.com",
	Issuer "MSIT Machine Auth CA 2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 5EE4521F4F1
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sat, 11 Apr 2015 09:32:29 -0700 (PDT)
Authentication-Results: lists.bufferbloat.net; dkim=none (message not signed)
	header.d=none;
Received: from [IPv6:2001:470:183f:da2c::6f83:3b88]
	(2001:470:183f:da2c::6f83:3b88) by
	DB5PR07MB0934.eurprd07.prod.outlook.com
	(25.161.200.141) with Microsoft SMTP Server (TLS) id 15.1.136.25;
	Sat, 11 Apr 2015 16:32:25 +0000
Message-ID: <55294C81.9000709@darbyshire-bryant.me.uk>
Date: Sat, 11 Apr 2015 17:32:01 +0100
From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
	rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: <cerowrt-devel@lists.bufferbloat.net>
References: <5519712F.7030309@petit-huguenin.org>	<CAA93jw4L-EgiUWQ5K8iPi0aFAmYYfU9bNYiS_0h6o2DrrqfrVQ@mail.gmail.com>	<55198CBE.1030001@thekelleys.org.uk>	<55199322.9030805@petit-huguenin.org>	<CAA93jw40JmFXUcDLAeFEioUi+5zuO=UBiBucQmN3a_i-5bbE5A@mail.gmail.com>
	<552937B3.10008@petit-huguenin.org>
In-Reply-To: <552937B3.10008@petit-huguenin.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
	micalg=sha1; boundary="------------ms000309050003070507090608"
X-Originating-IP: [2001:470:183f:da2c::6f83:3b88]
X-ClientProxiedBy: BY2PR04CA0074.namprd04.prod.outlook.com (10.255.247.42) To
	DB5PR07MB0934.eurprd07.prod.outlook.com (25.161.200.141)
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB5PR07MB0934;
X-Microsoft-Antispam-PRVS: <DB5PR07MB0934BA8FC8D1ECE0332759DFA5F90@DB5PR07MB0934.eurprd07.prod.outlook.com>
X-Forefront-Antispam-Report: BMV:1; SFV:NSPM;
	SFS:(10009020)(979002)(6009001)(479174004)(51704005)(377454003)(24454002)(92566002)(86362001)(46102003)(74482002)(36756003)(54356999)(87266999)(76176999)(87976001)(62966003)(512944002)(77156002)(65956001)(65806001)(5890100001)(568964001)(19580395003)(80316001)(5000100001)(99136001)(2950100001)(40100003)(64126003)(50986999)(450100001)(65816999)(15974865002)(4001350100001)(33656002)(110136001)(107886001)(2351001)(84326002)(122386002)(83506001)(42186005)(93886004)(59896002)(163123001)(3826002)(969003)(989001)(999001)(1009001)(1019001);
	DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR07MB0934;
	H:[IPv6:2001:470:183f:da2c::6f83:3b88]; FPR:; SPF:None;
	MLV:ovrnspm; PTR:InfoNoRecords; LANG:en; 
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(601004)(5005006)(5002010); SRVR:DB5PR07MB0934; BCL:0;
	PCL:0; RULEID:; SRVR:DB5PR07MB0934; 
X-Forefront-PRVS: 05437568AA
X-OriginatorOrg: darbyshire-bryant.me.uk
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Apr 2015 16:32:25.1842 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR07MB0934
Subject: Re: [Cerowrt-devel] [Dnsmasq-discuss]  DNSSEC and www.ietf.org
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Sat, 11 Apr 2015 16:32:59 -0000

--------------ms000309050003070507090608
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 11/04/2015 16:03, Marc Petit-Huguenin wrote:
> On 03/30/2015 12:42 PM, Dave Taht wrote:
>> for cerowrt-3.10? Really wasn't planning on it. Didn't even know there=

>> was a problem til today...
> So I suppose that means that Cerowrt is now unmaintained and that I sho=
uld switch to something else, because my job requires near constant acces=
s to www.ietf.org and I will not disable DNSSEC.
>
> So, what would you recommend for my WNDR3800?
>
> Thanks.

Openwrt chaos calmer trunk (latest) as of a day ago has dnsmasq 2.73rc4
with suitable handling for DNSSEC.   Certainly I've DNSSEC enabled and
can browse the site you mention without obvious problem.

The automatic determination of 'valid current time' and hence checking
signature timestamps has an issue:  The startup script uses 'touch -t
1970epoch timestampfile' to pre-create a timestamp file which slightly
defeats the inbuilt dnsmasq logic...not helped by the fact '-t' is an
invalid option.


--------------ms000309050003070507090608
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIINnDCC
BjQwggQcoAMCAQICAR4wDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoT
DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp
Z25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3
MTAyNDIxMDE1NVoXDTE3MTAyNDIxMDE1NVowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T
dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu
aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs
aWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcJg8zOLdgasSmkLhOr
lr6KMoOMpohBllVHrdRvEg/q6r8jR+EK75xCGhR8ToREoqe7zM9/UnC6TS2y9UKTpT1v7RSM
zR0t6ndl0TWBuUr/UXBhPk+Kmy7bI4yW4urC+y7P3/1/X7U8ocb8VpH/Clt+4iq7nirMcNh6
qJR+xjOhV+VHzQMALuGYn5KZmc1NbJQYclsGkDxDz2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSD
kOkikZB1xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr/+N2JLKutIxMYqQOJebr/f/h5t95
m4JgrM3Y/w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCAa0wggGpMA8GA1UdEwEB/wQFMAMB
Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRTcu2SnODaywFcfH6WNU7y1LhRgjAfBgNV
HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRaMFgwJwYIKwYBBQUH
MAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYhaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6Ly93d3cu
c3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20v
c2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0
dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQEFBQADggIBAAqD
CH14qywGXLhjjF6uHLkjd02hcdh9hrw+VUsv+q1eeQWB21jWj3kJ96AUlPCoEGZ/ynJNScWy
6QMVQjbbMXltUfO4n4bGGdKo3awPWp61tjAFgraLJgDk+DsSvUD6EowjMTNx25GQgyYJ5RPI
zKKR9tQW8gGK+2+RHxkUCTbYFnL6kl8Ch507rUdPPipJ9CgJFws3kDS3gOS5WFMxcjO5DwKf
KSETEPrHh7p5shuuNktvsv6hxHTLhiMKX893gxdT3XLS9OKmCv87vkINQcNEcIIoFWbP9HOR
z9v3vQwR4e3ksLc2JZOAFK+ssS5XMEoznzpihEP0PLc4dCBYjbvSD7kxgDwZ+Aj8Q9PkbvE9
sIPP7ON0fz095HdThKjiVJe6vofq+n6b1NBc8XdrQvBmunwxD5nvtTW4vtN6VY7mUCmxsCie
uoBJ9OlqmsVWQvifIYf40dJPZkk9YgGTzWLpXDSfLSplbY2LL9C9U0ptvjcDjefLTvqSFc7t
w1sEhF0n/qpA2r0GpvkLRDmcSwVyPvmjFBGqUp/pNy8ZuPGQmHwFi2/14+xeSUDG2bwnsYJQ
G2EdJCB6luQ57GEnTA/yKZSTKI8dDQa8Sd3zfXb19mOgSF0bBdXbuKhEpuP9wirslFe6fQ1t
5j5R0xi72MZ8ikMu1RQZKCyDbMwazlHiMIIHYDCCBkigAwIBAgIDCm0/MA0GCSqGSIb3DQEB
BQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20g
Q2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcNMTQwNzAzMTE1NjM5
WhcNMTUwNzA0MTc0MjQ1WjBxMRkwFwYDVQQNExA2dVNGb1pMU1d2dGgyd2tNMSYwJAYDVQQD
DB1rZXZpbkBkYXJieXNoaXJlLWJyeWFudC5tZS51azEsMCoGCSqGSIb3DQEJARYda2V2aW5A
ZGFyYnlzaGlyZS1icnlhbnQubWUudWswggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQDqCZMbkat9lukbtY+VQ4HBVkcHtcUU1sWZlg7foJ6XEQXCb3ArlyY7V+AldkNY6qRlrlVt
YZmSFtDsors5e3Z1VWlEYBZEbnR57t5jmfGYmaaDzc8YsWr5gsUTa+MV/MNHpuAlf9GwgQCQ
e7SC7kEzkQZApfB8/zG/a5JxgVXD9c3vK40p3OW27ZqVN9rie5SoLi1KEfQbA//VyPPeDpus
oDwYGq6AA82lLFvgBxi1JPlS7M9zToUQCXpvDexQPiok1iqhwYBwX3qmSInlVWnudgaJ25iL
m8/9bG5nCIo+dOEZP/bOCEsMzV8n9RaCNu8ilpjMXsHbkgrlvng81CTUFlYWhdMg58CM7N9y
gSBjCKuHmJwQbIdsCmuKEOFVLZR8OZzoue6e/HAQlunWEfrr/H4+UYp8yTNLybqfcyZ3k7Sg
i207jicY5dVKKFFY8eSB8Ps2svxj6BgrNPZMGzW36zRwaK1MpOZxHItCcuyXo+WkI3/61BZ5
mg34ejrgalQ04887n+4u3XPKnM/IwXfivlOD+n8bOOAGR8iZVlLTVmvypMdX3+wL/yB/w8g1
Ojj9Bk5/ksZb9Eh+3q1cVOOuXa/hcCLLqetNFzlxHjbVXzBKwO9pOs50DVxtv070KalD3iqz
8hCwnDt7odkGHwXyZAErmUSjc6tqVMivid/1swIDAQABo4IC4zCCAt8wCQYDVR0TBAIwADAL
BgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBSg
QyTrQHiayWJq77xyyu7kpPmJ2jAfBgNVHSMEGDAWgBRTcu2SnODaywFcfH6WNU7y1LhRgjAo
BgNVHREEITAfgR1rZXZpbkBkYXJieXNoaXJlLWJyeWFudC5tZS51azCCAUwGA1UdIASCAUMw
ggE/MIIBOwYLKwYBBAGBtTcBAgMwggEqMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0
c3NsLmNvbS9wb2xpY3kucGRmMIH3BggrBgEFBQcCAjCB6jAnFiBTdGFydENvbSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTADAgEBGoG+VGhpcyBjZXJ0aWZpY2F0ZSB3YXMgaXNzdWVkIGFj
Y29yZGluZyB0byB0aGUgQ2xhc3MgMSBWYWxpZGF0aW9uIHJlcXVpcmVtZW50cyBvZiB0aGUg
U3RhcnRDb20gQ0EgcG9saWN5LCByZWxpYW5jZSBvbmx5IGZvciB0aGUgaW50ZW5kZWQgcHVy
cG9zZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5aW5nIHBhcnR5IG9ibGlnYXRpb25zLjA2
BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3Js
MIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5j
b20vc3ViL2NsYXNzMS9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly9haWEuc3RhcnRz
c2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuY2xpZW50LmNhLmNydDAjBgNVHRIEHDAahhhodHRw
Oi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEBAChYSPOI6HHjtB2zQSGb
7vqo2f/QAum648uoNCFXf/ZmpU42ca6hq/JqsugqbnCY72hNTpCh3JZwTTaBWBvj1vzjjMra
pLixIvceaAqMj6vd+L43APuMMmTH9tUUNS1ksXdA2r6STVIbr4p2sbVV3WktLGFnNAy5uXbr
mLHay5w6jcmSfTAh1aA49sSvp+8CB6q6uDef2j9X8OE9Ajr5l0mcnGdVOkLZU6Zq20G8jb3p
sdqoO9MU5UbKfZCN4/ibr+/0Pj3VZIE3jCEW2DwguN6DIDAYVc6b7RFGf3cWadJrSa887Sc/
9wzXymTKAyBvfgRQeWcZ+5w4RlOI/TmpNfwxggTdMIIE2QIBATCBlDCBjDELMAkGA1UEBhMC
SUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENl
cnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJ
bnRlcm1lZGlhdGUgQ2xpZW50IENBAgMKbT8wCQYFKw4DAhoFAKCCAh0wGAYJKoZIhvcNAQkD
MQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTUwNDExMTYzMjAxWjAjBgkqhkiG9w0B
CQQxFgQUFK/0fTW+gz7aPWgmIk884HH4v9kwbAYJKoZIhvcNAQkPMV8wXTALBglghkgBZQME
ASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBpQYJKwYBBAGCNxAEMYGXMIGUMIGMMQsw
CQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp
Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQ
cmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAwptPzCBpwYLKoZIhvcNAQkQAgsxgZeg
gZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJT
ZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBD
bGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQIDCm0/MA0GCSqGSIb3DQEB
AQUABIICALT29sOUWiQYCazjjo26qfTxDpXMjskwLMXtWbRpP7dHKAxXZl8WbdU7LjnlfFsk
IdE6WdjuFLvYr2iB6DwcKWPOcIu8b4omtzvjGI3RqG0g+7iSyt+FBnV3Tl0ntSJnCO0i4E1A
gAwvOe4XWzTTkGZJ3CsXV0bGDD9ZtzGAjp4uYXlwNfMNwPo69yXq8dNyKnMM+Qir5niULkqB
T8meynjeZUZjIaGEl0sfzjrxLrhzm+G/7WH1oASwpQPuxd5NWAPzFL3eSHxPtIJ0+lHH9ky4
XtM/YM3h73hjR+lKSSV0o77qovgIhfiTw3rdISEmMIL+jduf1FyXEqjkE4QdX2uFQNmQdXTZ
op7cVtbW0/lEeHYCz+bbHZfpfO/ssR2F+iz4SHDzlYTPJSuQOW6ISJh5R3KkZyMdXP51pnX/
Lt+Ta8zPwrcE+O653TZ4GZDGVPERBnRmy1dcKtzYsw3Su2yJvb0qLI/T2v/m1aGNm8Mt9yJC
AmUR/D6LShv5as8KSM+NltziA8oxhwlYjbejxmCOCHdclEJnh/oScuKJ11Eg4Cd3vRIr1Tay
YZgTTrz166zXbe3TtBufe/BJd1z+3fZ/6lbk/wyxWoTRByjJH0O2ifbqZXocIlsJB1YSHvcp
2vfTUTGXQTSXBRVtZUuUX767dEpOgmeANP+ONXwZqPVgAAAAAAAA
--------------ms000309050003070507090608--