[Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs

Aaron Wood woody77 at gmail.com
Wed Mar 26 06:36:25 EDT 2014


I also don't consider the ntp/dnssec issue a blocker, not at the moment.
 It's a larger problem to solve, and one that needs solving in a wider
context than just CeroWRT, and so we should keep working on a solution, but
not make it a "release blocking" issue.  It's a known issue, a known bit of
research to continue chiseling away it, but not a major blocker.

Especially since we can always switch to raw-ip addresses for the ntp
servers, as a workaround.

But I like some of the workarounds suggested such as starting secure, and
then slowly ratching down the security as things fail.  So long as we don't
expose a way to cripple the unit, or otherwise coerce it into misbehavior,
I think we'll find a solution along those routes.

-Aaron


On Wed, Mar 26, 2014 at 5:42 AM, <Valdis.Kletnieks at vt.edu> wrote:

> On Tue, 25 Mar 2014 20:41:53 -0700, Dave Taht said:
>
> > I'm still at a loss as to the most correct way to bring up dnssec.
>
> Don't sweat it too much - nobody else in the security business knows
> how to do it either. :)  DNSSEC has even less uptake than IPv6....
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140326/2b430d41/attachment-0002.html>


More information about the Cerowrt-devel mailing list