[LEAPSECS] crc-8?

Ian Batten igb at batten.eu.org
Sun Jan 25 10:58:17 EST 2015


> On 23 Jan 2015, at 22:18, Warner Losh <imp at bsdimp.com> wrote:
> 
> 
>> On Jan 23, 2015, at 1:19 PM, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
>> 
>> --------
>> In message <F81CDAC7-5484-48DD-88DB-D2AF1D02D129 at bsdimp.com>, Warner Losh write
>> s:
>> 
>>> The CRC shows that you have internally consistent data. It really only
>>> catches DNS servers that tell lies for the purpose of redirecting traffic.
>>> It wouldn’t catch a crafty DNS server that was telling a coherent lie
>>> for nefarious purposes.
>> 
>> Uhm, that crafty DNS server would surely be able to come up with a new
>> non-eyebrow-raising CRC8 value as well...
> 
> That’s my point. If someone wanted to lie to you about the number of
> leap seconds, rather than just tell a general lie about an IP address,
> the CRC won’t protect you.

In which case DNSSec signing the zone would not be onerous, given the very low rate of change.

ian



More information about the LEAPSECS mailing list