Hi - >From: Olafur Gudmundsson <[email protected]> >Sent: Sep 11, 2013 7:19 AM >To: Evan Hunt <[email protected]> >Cc: "[email protected] WG" <[email protected]>, "[email protected] TF" <[email protected]> >Subject: Re: [DNSOP] Practical issues deploying DNSSEC into the home. ... >RRSIG on the SOA or NS or DNSKEY also is fine timestamp except when it is a >replay attack or a forgery, ...
RFC 3414 separates the notion of timeliness (replay detection) from authentication without requiring NTP or overly elaborate clock acquisition dances. Some of the ideas from that protocol's design might be useful in addressing this problem. Randy
