[Cerowrt-devel] DNSSEC & NTP Bootstrapping -- prototype!
toke at toke.dk
Sun Mar 30 14:38:04 EDT 2014
> > Well conceivably you could be in a situation where the roots
> > but validation fails further down the chain, making that scheme fail
> > weird and unpredictable ways?
I was thinking more about the case where, say, the root server keys validate, but the keys further down the chain have been changed, and the clock is set to a time in the interval between the respective beginnings of validity time... I would think that could happen with no malicious intent way too often for the root keys to be a very useful heuristic to use...
More information about the Cerowrt-devel