NTS, Big picture

Hal Murray hmurray at megapathdsl.net
Fri Jun 1 18:38:24 UTC 2018


devel at ntpsec.org said:
> This is just off the top of my head, but I wonder if this is ultimately
> going to need an SSH-style "leap of faith" trust model. For example, the
> first time NTP starts up, it would ignore the NotBefore and NotAfter
> attributes, but validate everything else in the certificate as normal. 
> ...

I've been assuming that we would be using a library to handle the certificate 
processing, so that logic may need an API change.

> Another option would be to simply check the system clock for sanity (e.g.
> using the ntpd compilation date). If it's insane, do not check certificate
> expirations. Otherwise, always do. If the system clock is way off, the admin
> can manually set the clock within reason. 

One of the nasty cases for ntp is a spare module that sits on a shelf for 
10-20 years.  If you have an embedded application, the admin may be back at 
the factory.

This also comes up when trying to fixup GPS dates that have overflowed the 10 
bit week counter.

These are my opinions.  I hate spam.

More information about the devel mailing list