Hi - >From: Olafur Gudmundsson <ogud@xxxxxxxx> >Sent: Sep 11, 2013 7:19 AM >To: Evan Hunt <each@xxxxxxx> >Cc: "dnsop@xxxxxxxx WG" <dnsop@xxxxxxxx>, "ietf@xxxxxxxx TF" <ietf@xxxxxxxx> >Subject: Re: [DNSOP] Practical issues deploying DNSSEC into the home. ... >RRSIG on the SOA or NS or DNSKEY also is fine timestamp except when it is a >replay attack or a forgery, ... RFC 3414 separates the notion of timeliness (replay detection) from authentication without requiring NTP or overly elaborate clock acquisition dances. Some of the ideas from that protocol's design might be useful in addressing this problem. Randy