[dhcwg] Re: [ntpwg] DNSSEC in names vs. numbers for NTP server information in DHCP

Harlan Stenn <stenn@ntp.org> Wed, 28 November 2007 00:50 UTC

To: shane_kerr@isc.org
In-Reply-To: Message from Shane Kerr <Shane_Kerr@isc.org> of "Wed, 28 Nov 2007 01:42:55 +0100." <474CB98F.7050603@isc.org>
Date: Wed, 28 Nov 2007 00:50:29 +0000
From: Harlan Stenn <stenn@ntp.org>
Message-Id: <20071128005054.4DE1839DBF@mail1.ntp.org>
Cc: ntpwg@lists.ntp.org, dhcwg@ietf.org
Subject: [dhcwg] Re: [ntpwg] DNSSEC in names vs. numbers for NTP server information in DHCP

Shane wrote:

> It occurs to me that DNSSEC requires accurate time. So, we have a bit
> of a bootstrapping issue if we ever decide to secure DNS zones that
> contain NTP servers in them and expect clients to use the server names
> to find them.

> It seems like we have to provide IP addresses for NTP servers for this
> reason.

In that scenario, yes, that would appear to be the best policy.

If one is going to use DHCP to offer NTP configuration information, there
are good reasons to provide IP addresses to certain hosts.  Similarly,
there are good reasons to provide names to other hosts.

Indeed, one may wish to provide a list of servers using a combination of
names and IP addresses.

But this is all true for NTP configuration in general - the same issues
occur regardless of where the configuration information comes from.

H
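
The bootstrapping problem discussed in this message, as an added example that is not part of the original thread: a client with an unset clock checks which entries of a mixed name/address NTP server list it can use before its first time sync. The function names, the server entries and the signature windows are constructed for illustration; the window check follows RFC 4034 section 3.1.5, which compares RRSIG timestamps using RFC 1982 serial arithmetic.

```python
import ipaddress

SERIAL_HALF = 1 << 31  # half of the 32-bit serial number space (RFC 1982)


def serial_lte(a, b):
    """True if 32-bit serial a is at or before b under RFC 1982 arithmetic."""
    return ((b - a) & 0xFFFFFFFF) < SERIAL_HALF


def rrsig_time_valid(now, inception, expiration):
    """Validity-window check a DNSSEC validator applies to an RRSIG."""
    now &= 0xFFFFFFFF
    return serial_lte(inception, now) and serial_lte(now, expiration)


def usable_before_sync(entries, clock, rrsig_windows):
    """Split NTP server entries into (usable, blocked) for a given local clock.

    entries:       server names and/or IP literals, e.g. from a DHCP option
    clock:         local time in seconds since the epoch (possibly wrong)
    rrsig_windows: name -> (inception, expiration) of the RRSIG covering its
                   address records; a name with no entry is assumed to live
                   in an unsigned zone, so no time check applies to it
    """
    usable, blocked = [], []
    for entry in entries:
        try:
            ipaddress.ip_address(entry)
            usable.append(entry)  # literal address: no lookup, no clock needed
            continue
        except ValueError:
            pass  # not an address, treat it as a DNS name
        window = rrsig_windows.get(entry)
        if window is None or rrsig_time_valid(clock, *window):
            usable.append(entry)
        else:
            blocked.append(entry)  # signature looks not-yet-valid or expired
    return usable, blocked


# Constructed sample data (documentation names and address ranges).
ENTRIES = ["ntp.example.net", "192.0.2.10", "2001:db8::123"]
WINDOWS = {"ntp.example.net": (1193875200, 1196467200)}  # 2007-11-01 .. 2007-12-01
UNSET_CLOCK = 0            # device booted at 1970-01-01, no battery-backed RTC
SYNCED_CLOCK = 1196211029  # 2007-11-28 00:50:29 UTC

if __name__ == "__main__":
    print(usable_before_sync(ENTRIES, UNSET_CLOCK, WINDOWS))
    print(usable_before_sync(ENTRIES, SYNCED_CLOCK, WINDOWS))
```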
