I also don't consider the ntp/dnssec issue a blocker, not at the moment.
 It's a larger problem to solve, and one that needs solving in a wider
context than just CeroWRT, and so we should keep working on a solution, but
not make it a "release blocking" issue.  It's a known issue, a known bit of
research to continue chiseling away it, but not a major blocker.

Especially since we can always switch to raw-ip addresses for the ntp
servers, as a workaround.

But I like some of the workarounds suggested such as starting secure, and
then slowly ratching down the security as things fail.  So long as we don't
expose a way to cripple the unit, or otherwise coerce it into misbehavior,
I think we'll find a solution along those routes.

-Aaron


On Wed, Mar 26, 2014 at 5:42 AM, <Valdis.Kletnieks@vt.edu> wrote:

> On Tue, 25 Mar 2014 20:41:53 -0700, Dave Taht said:
>
> > I'm still at a loss as to the most correct way to bring up dnssec.
>
> Don't sweat it too much - nobody else in the security business knows
> how to do it either. :)  DNSSEC has even less uptake than IPv6....
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>