igb at batten.eu.org
Sun Jan 25 10:58:17 EST 2015
> On 23 Jan 2015, at 22:18, Warner Losh <imp at bsdimp.com> wrote:
>> On Jan 23, 2015, at 1:19 PM, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
>> In message <F81CDAC7-5484-48DD-88DB-D2AF1D02D129 at bsdimp.com>, Warner Losh write
>>> The CRC shows that you have internally consistent data. It really only
>>> catches DNS servers that tell lies for the purpose of redirecting traffic.
>>> It wouldn’t catch a crafty DNS server that was telling a coherent lie
>>> for nefarious purposes.
>> Uhm, that crafty DNS server would surely be able to come up with a new
>> non-eyebrow-raising CRC8 value as well...
> That’s my point. If someone wanted to lie to you about the number of
> leap seconds, rather than just tell a general lie about an IP address,
> the CRC won’t protect you.
In which case DNSSec signing the zone would not be onerous, given the very low rate of change.
More information about the LEAPSECS