[Cerowrt-devel] DNSSEC & NTP Bootstrapping

Chuck Anderson cra at WPI.EDU
Mon Mar 24 08:29:16 EDT 2014


On Mon, Mar 24, 2014 at 10:59:08AM +0100, Toke Høiland-Jørgensen wrote:
> Aaron Wood <woody77 at gmail.com> writes:
> 
> > That would scale well for CeroWRT, but doesn't seem like it would
> > scale well for general-use (OpenWRT). Or rather, the use of
> > bufferbloat.net wouldn't scale well. But OpenWRT might be able to do
> > the same with it's key, and have it's own ntp.openwrt.org which
> > resolves into the general ntp pool.
> 
> Would this "caching of the key" be akin to distributing an extra trust
> anchor with the key of the domain in question? And would the gain of
> doing this be sufficient to warrant the extra complexity (as opposed to
> just caching the IP address of one or more NTP servers)?

How about writing an RFC to define a well-known NTP anycast address
and using that as a fallback?  This is a problem that needs to be
solved for the larger internet community, not just CeroWRT/OpenWRT.



More information about the Cerowrt-devel mailing list