On Oct 9, 2013, at 1:59 PM, Joe Abley <jabley@xxxxxxxxxxx> wrote: > DNSSEC validation imposes a requirement for clock sync (to the accuracy reasonably required to consider signature inception and expiry times). There is a possible future in which such validation takes place on end hosts, rather than intermediate resolvers. (We may wind up somewhere else, but there are certainly people who think that is the Right Way). Sure. Including me. > In that sense any device that needs to look up names in the DNS has a potential requirement for time sync. Yes, definitely. > Of course even the wall clock you imagine might have a vendor who is capable of running their own array of time servers as (e.g.) Apple does, but it seems reasonable to imagine that there will be people who are not in that position, and since I agree with you when you say: > >> Of course, if a CPE vendor were to hard-code the FQDN of an NTP server belonging to someone else into their devices, that would be disastrous. > > it seems to me that there's a plausible use case for a DHCP client to receive direction on what servers to chime against. Yup. There's an equally plausible use case for distributing DNSSEC root keys using DHCP, so that the DHCP client has a current copy of the keys. This totally solves the key rollover problem! :) Of course, the situations are not precisely analogous, but the point is that just because DHCP could be conveniently used to suit some purpose, does not mean that it _should_ be used to suit that purpose. I think reasonable people can differ about configuring NTP over DHCP, but it really does depend on how you are using NTP. I think the main justification for using DHCP to configure NTP is in fact that it is expedient, even though it's not secure.