Joe Abley (jabley) writes: > > > 1. subverting sufficient NTP responses over a long enough period to cause the > remote resolver's clock to turn back in time (long period suggested due to > many/most? implementations' refuse large steps in times, and hence many > smaller steps might be required)
Many systems will run ntpdate on startup. > This seems like an intractably difficult thing to accomplish. It does seem far fetched. > What am I missing? There may be good reasons to increase key length, this is not one I'm worried about (then again, no one worried about source port randomization before 2008 :) P. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop