[Cerowrt-devel] DNSSEC & NTP Bootstrapping -- prototype!
Toke Høiland-Jørgensen
toke at toke.dk
Sun Mar 30 14:38:04 EDT 2014
> > Well conceivably you could be in a situation where the roots validate,
> > but validation fails further down the chain, making that scheme fail in
> > weird and unpredictable ways?
>
> http://www.bortzmeyer.org/dns-routing-hijack-turkey.html
>
> ?
I was thinking more about the case where, say, the root server keys validate, but the keys further down the chain have been changed, and the clock is set to a time in the interval between the respective beginnings of validity time... I would think that could happen with no malicious intent way too often for the root keys to be a very useful heuristic to use...
-Toke
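
The case raised in this message, worked through as an added illustration (not part of the original post or of any CeroWrt code): given signature validity windows for each link in the chain, compute which clock values let the root validate while a lower link does not. The zone names and timestamps are constructed, and plain datetime comparison is assumed in place of the 32-bit serial arithmetic real RRSIG fields use.

```python
from datetime import datetime, timezone

def ts(s):
    """Parse an RRSIG-style YYYYMMDDHHmmSS timestamp as UTC."""
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

# Constructed validity windows (name, inception, expiration), root first.
# The leaf zone was re-signed recently, so its inception is the latest.
CHAIN = [
    (".",            ts("20140320000000"), ts("20140403000000")),
    ("org.",         ts("20140325000000"), ts("20140415000000")),
    ("example.org.", ts("20140329000000"), ts("20140412000000")),
]

def failing_links(chain, clock):
    """Names of links whose signature is not valid at this clock value."""
    return [name for name, inc, exp in chain if not (inc <= clock <= exp)]

def root_ok_chain_broken(chain):
    """Half-open clock intervals [start, end) or (start, end] in which the
    root signature validates but at least one lower link does not."""
    _, root_inc, root_exp = chain[0]
    lo = max(inc for _, inc, _ in chain)   # latest inception in the chain
    hi = min(exp for _, _, exp in chain)   # earliest expiration in the chain
    if lo > hi:
        # No clock value validates the whole chain: the entire root
        # window is a false positive for a root-only check.
        return [(root_inc, root_exp)]
    gaps = []
    if root_inc < lo:
        gaps.append((root_inc, lo))        # clock too early for a lower link
    if hi < root_exp:
        gaps.append((hi, root_exp))        # a lower link already expired
    return gaps

if __name__ == "__main__":
    for start, end in root_ok_chain_broken(CHAIN):
        print("root validates, chain does not:", start, "to", end)
    probe = ts("20140327120000")
    print(probe, "fails at:", failing_links(CHAIN, probe))
```

With these sample windows, a clock anywhere in the nine days before the leaf zone's latest re-signing passes a root-only check while validation of the full chain still fails.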