Brandon Nielsen wrote: > If the DNS servers provided by DHCP are trusted, why > would any plain NTP servers also provided by DHCP not be trusted? I can > do nefarious things with either.
For DNS the solution is to not trust the DHCP-provided resolvers but validate DNSsec locally. A valid chain of DNSsec signatures tells you that the DNS record is authentic regardless of what servers it passed through on its way to you. Then you can use a DHCP-provided resolver without trusting it because the only nefarious thing it can do is to refuse to resolve a name for you, which just makes it a broken resolver. A similar approach for NTP would be if the stratum-1 servers would sign timestamps that secondary servers would cache and forward to clients, but caching timestamps doesn't work because the nature of a clock is that the time changes all the time. Thus I don't see how you can get out of trusting the NTP servers you use. Fedora's defaults should be chosen to keep users reasonably secure every way we can. If you as a sysadmin trust the DHCP server and every other device on the local network – including any device that may be connected in the future – then you should have the option to configure the system to trust DHCP-provided NTP and DNS servers. Björn Persson
pgpBIghKNvC8u.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
