NTS, Big picture
Hal Murray
hmurray at megapathdsl.net
Fri Jun 1 18:38:24 UTC 2018
Thanks.
devel at ntpsec.org said:
> This is just off the top of my head, but I wonder if this is ultimately
> going to need an SSH-style "leap of faith" trust model. For example, the
> first time NTP starts up, it would ignore the NotBefore and NotAfter
> attributes, but validate everything else in the certificate as normal.
> ...
I've been assuming that we would be using a library to handle the certificate
processing, so that logic may need an API change.
> Another option would be to simply check the system clock for sanity (e.g.
> using the ntpd compilation date). If it's insane, do not check certificate
> expirations. Otherwise, always do. If the system clock is way off, the admin
> can manually set the clock within reason.
One of the nasty cases for ntp is a spare module that sits on a shelf for
10-20 years. If you have an embedded application, the admin may be back at
the factory.
This also comes up when trying to fixup GPS dates that have overflowed the 10
bit week counter.
--
These are my opinions. I hate spam.
More information about the devel
mailing list