[email protected] said:
> Have you considered use of DNSSEC, CA and DANE records? That provides an
> independent verification path.

I'm not enough of a DNS wizard to have an opinion about that level of detail. We need something like DNSSEC for the pool DNS lookup or bad guys can inject their crap at that step. In the non-pool case, DNSSEC isn't necessary since the TLS certificate check won't work if the DNS is forged to point to another server.

--
These are my opinions. I hate spam.

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
