>Which in some implementations, means having a clock to know that your current
>firmware is actually newer than the "proposed" new firmware (which is really
>much older), or knowing that it's been too long since a firmware load.

Where I entered the discussion is basically saying that the only way to get secure time on today's internet that sort of scales is to start a TLS connection with a server you trust.

One thing we could do is to design a secure time protocol, but I doubt that that is going to fly, and certainly not in the near future.

Another thing would be to adapt security protocols to deal with less secure or less accurate time. But that requires actually going over DNSSEC and TLS and possibly other protocols and thinking about the effects of less secure or less accurate time. That can be done, but some working group would have to actually do the work.

So that leaves me with the conclusion: if you need DNSSEC or TLS for security purposes, then the only way to be secure is to fetch the time using TLS from a server you trust.
