[Cerowrt-devel] DNSSEC & NTP Bootstrapping

Toke Høiland-Jørgensen toke at toke.dk
Mon Mar 24 05:59:08 EDT 2014


Aaron Wood <woody77 at gmail.com> writes:

> That would scale well for CeroWRT, but doesn't seem like it would
> scale well for general-use (OpenWRT). Or rather, the use of
> bufferbloat.net wouldn't scale well. But OpenWRT might be able to do
> the same with it's key, and have it's own ntp.openwrt.org which
> resolves into the general ntp pool.

Would this "caching of the key" be akin to distributing an extra trust
anchor with the key of the domain in question? And would the gain of
doing this be sufficient to warrant the extra complexity (as opposed to
just caching the IP address of one or more NTP servers)?

-Toke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140324/f0f8f3d1/attachment.sig>


More information about the Cerowrt-devel mailing list