> On 23 Jan 2015, at 22:18, Warner Losh <i...@bsdimp.com> wrote: > > >> On Jan 23, 2015, at 1:19 PM, Poul-Henning Kamp <p...@phk.freebsd.dk> wrote: >> >> -------- >> In message <f81cdac7-5484-48dd-88db-d2af1d02d...@bsdimp.com>, Warner Losh >> write >> s: >> >>> The CRC shows that you have internally consistent data. It really only >>> catches DNS servers that tell lies for the purpose of redirecting traffic. >>> It wouldn’t catch a crafty DNS server that was telling a coherent lie >>> for nefarious purposes. >> >> Uhm, that crafty DNS server would surely be able to come up with a new >> non-eyebrow-raising CRC8 value as well... > > That’s my point. If someone wanted to lie to you about the number of > leap seconds, rather than just tell a general lie about an IP address, > the CRC won’t protect you.
In which case DNSSec signing the zone would not be onerous, given the very low rate of change. ian _______________________________________________ LEAPSECS mailing list LEAPSECS@leapsecond.com https://pairlist6.pair.net/mailman/listinfo/leapsecs