Joe Abley (jabley) writes:
> 
> 
> 1. subverting sufficient NTP responses over a long enough period to cause the
> remote resolver's clock to turn back in time (long period suggested due to
> many/most? implementations' refusal of large steps in time, and hence many
> smaller steps might be required)

        Many systems will run ntpdate on startup.

> This seems like an intractably difficult thing to accomplish.

        It does seem far-fetched.

> What am I missing?

        There may be good reasons to increase key length, this is not one I'm
        worried about (then again, no one worried about source port randomization
        before 2008 :)

        P.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
