7 Aug
2023
7 Aug
'23
6:06 a.m.
The paper suggests the compromise of critical infrastructure. So, besides not using NTP, why not stop using DNS ? Just populate a hosts file with all you need.
Well DNS can be cryptographically secured. There really isn’t any good reasons to not sign your zones today. The majority of responses from authoritative servers are validated today so if you sign the responses will be checked. Unfortunately most to those validations still result in insecure instead of secure because people are not signing their zones.
So does NTP, with NTS. https://datatracker.ietf.org/doc/html/rfc8915 Rubens