[dhcwg] DNSSEC in names vs. numbers for NTP server information in DHCP

Shane Kerr <Shane_Kerr@isc.org> Wed, 28 November 2007 00:42 UTC

Return-path: <dhcwg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IxB10-0004tj-C4; Tue, 27 Nov 2007 19:42:58 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IxB0z-0004tR-6e for dhcwg@ietf.org; Tue, 27 Nov 2007 19:42:57 -0500
Received: from mx.isc.org ([2001:4f8:0:2::1c]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IxB0y-0000AD-Nm for dhcwg@ietf.org; Tue, 27 Nov 2007 19:42:57 -0500
Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.isc.org (Postfix) with ESMTP id 87D71114074; Wed, 28 Nov 2007 00:42:55 +0000 (UTC) (envelope-from Shane_Kerr@isc.org)
Received: from [204.152.189.28] (dhcp-wi-28.sql1.isc.org [204.152.189.28]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by farside.isc.org (Postfix) with ESMTP id 22113E6056; Wed, 28 Nov 2007 00:42:56 +0000 (UTC) (envelope-from shane@isc.org)
Message-ID: <474CB98F.7050603@isc.org>
Date: Wed, 28 Nov 2007 01:42:55 +0100
From: Shane Kerr <Shane_Kerr@isc.org>
Organization: ISC
User-Agent: Thunderbird 2.0.0.9 (X11/20071116)
MIME-Version: 1.0
To: dhcwg@ietf.org
X-Enigmail-Version: 0.95.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: -3.9 (---)
X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32
Cc: ntpwg@lists.ntp.org
Subject: [dhcwg] DNSSEC in names vs. numbers for NTP server information in DHCP
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: shane_kerr@isc.org
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Errors-To: dhcwg-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

I was reading the long, long, long thread(s) about putting NTP information into
DHCP, and the focus on whether DHCP servers should provide names or IP addresses
for NTP servers.

It occurs to me that DNSSEC requires accurate time. So, we have a bit of a
bootstrapping issue if we ever decide to secure DNS zones that contain NTP
servers in them and expect clients to use the server names to find them.

It seems like we have to provide IP addresses for NTP servers for this reason.

- --
Shane
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHTLmLMsfZxBO4kbQRAvdVAJ4j3CdU7WOIobV7/1shw6nNaX+j9wCfQgY9
Tu1+WtSfMikoNqked4ceQxc=
=WxZu
-----END PGP SIGNATURE-----

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg