At Tue, 30 Apr 2002 16:36:11 -0700, Bob Hinden wrote:
> 
> I think you mentioned in an earlier email about the need for NTP in order 
> to use DNSSEC.

More precisely, in order to verify DNSSEC signatures, but yes.

> From the discussion on the list it sounds like the timing requirement for 
> DNSSEC is for the host to have a clock that is +/- 5 minutes.  This could 
> be implemented with NTP or something else (e.g., accurate clock).
> 
> I read some of RFC2030 "Simple Network Time Protocol (SNTP) Version 4 for 
> IPv4, IPv6 and OSI".  I think this is what would be needed in most hosts.

I agree that SNTP's granularity would suffice for DNSSEC's purposes.
I'd add that one almost certainly wants to enable the NTP/SNTP
authentication stuff (yet another key management swamp, bletch).

SNTP is really just a lightweight version of NTP and operates on the
same ports (SNTP clients can and do use NTP servers, although the
other way around is a bad idea due to the precision downgrade), so the
distinction between NTP and SNTP may not really be relevant for
discovery purposes, but I have no problem with calling the service
"SNTP" for now.

> RFC2030 has three mechanisms for a host to communicate with a SNTP server: 
> Unicast, Multicast, and Anycast.  The Multicast and Anycast use well known 
> IANA assigned multicast addresses and don't need any learned 
> configuration.  The use of anycast is different than what we usually 
> discuss as it also uses the well known multicast addresses but assumes some 
> cooperation between the servers so only one responds.

Er, no.  "Anycast" (SNTP flavor) client sends out a multicast request,
gets back zero or more unicast responses, and "binds" to the server
that responds first.  The servers don't coordinate their responses.

> I would think the unicast approach should work with well known unicast 
> addresses (like the current DNS discovery proposal) as it uses UDP for a 
> transport and consists of a single request with a single response.

Comments on "well known unicast address" model deferred to a later message.

> I will add SNTP server addresses to the list of desirable features in the 
> requirements text.

Thanks.
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
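
An added example, not part of the original message: Python code for the client-side handling discussed above, where a client takes replies in arrival order, binds to the first one that passes the RFC 2030 sanity checks, and tests the resulting clock offset against the +/- 5 minute figure from the thread. The function names, addresses and timestamps are constructed for illustration, and these checks do not authenticate the server.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
TOLERANCE = 300.0            # the +/- 5 minute figure quoted in the thread

def to_ntp(unix_time):
    """Encode a Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    ntp = unix_time + NTP_UNIX_DELTA
    sec = int(ntp)
    return struct.pack("!II", sec, int((ntp - sec) * 2**32))

def from_ntp(raw):
    sec, frac = struct.unpack("!II", raw)
    return sec - NTP_UNIX_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client request: LI=0, VN=4, Mode=3, only Transmit Timestamp set."""
    return bytes([(0 << 6) | (4 << 3) | 3]) + bytes(39) + to_ntp(t1)

def parse_reply(reply, request, t4):
    """Return the clock offset in seconds, or None if a sanity check fails."""
    if len(reply) < 48:
        return None
    li, mode, stratum = reply[0] >> 6, reply[0] & 7, reply[1]
    if li == 3 or mode != 4 or stratum == 0 or stratum > 15:
        return None  # unsynchronized server, not a server reply, or bad stratum
    if reply[24:32] != request[40:48]:
        return None  # Originate Timestamp must echo our Transmit Timestamp
    t1, t2, t3 = (from_ntp(reply[i:i + 8]) for i in (24, 32, 40))
    return ((t2 - t1) + (t3 - t4)) / 2

def bind_first_valid(replies, request, t4):
    """Anycast style: bind to the first reply, in arrival order, that validates."""
    for addr, reply in replies:
        offset = parse_reply(reply, request, t4)
        if offset is not None:
            return addr, offset, abs(offset) <= TOLERANCE
    return None

def make_reply(request, stratum, t2, t3):
    """Constructed server reply (Mode=4) used as sample input."""
    head = bytes([(4 << 3) | 4, stratum]) + bytes(22)
    return head + request[40:48] + to_ntp(t2) + to_ntp(t3)

def demo():
    t1 = 1020209771.0  # constructed local send time
    req = build_request(t1)
    replies = [("2001:db8::1", make_reply(req, 0, t1, t1)),  # stratum 0: rejected
               ("2001:db8::2", make_reply(req, 2, t1 + 420.25, t1 + 420.25))]
    return bind_first_valid(replies, req, t1 + 0.5)  # (server, offset, within_tolerance)
```
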
