Sometimes Ignoring Time on Certificates (Was: Re: Docs we will need)

Mark Atwood, Project Manager mark.atwood at ntpsec.org
Thu Feb 7 02:44:35 UTC 2019


This sounds somewhat similar to the brilliant hack that is
https://github.com/ioerror/tlsdate

On Wed, Feb 6, 2019 at 9:34 AM Eric S. Raymond via devel <devel at ntpsec.org>
wrote:

> Richard Laager via devel <devel at ntpsec.org>:
> > On 2/5/19 7:49 PM, Richard Laager wrote:
> > > I have a specific proposal that I'll hopefully write up tonight, which
> > > may address the needs in this space.
> > I did some brainstorming on this with a colleague. I initially started
> > with an approach that would consider the system clock (if after
> > BUILD_EPOCH), then the drift file (if after BUILD_EPOCH), then accept
> > anything. But in the course of discussing it, I came up with something
> > that is a lot simpler and easier to reason about.
>
> Please add this as a new section to nts.adoc.
> --
>                 <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
>
> My work is funded by the Internet Civil Engineering Institute:
> https://icei.org
> Please visit their site and donate: the civilization you save might be
> your own.
>
>
> _______________________________________________
> devel mailing list
> devel at ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
>
-- 

Mark Atwood
http://about.me/markatwood
+1-206-604-2198
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190206/adcba58a/attachment.html>


More information about the devel mailing list