On 10/18/2011 2:16 PM, [email protected] wrote: > Absolutely. But if you allow, say, one second round trip time, you have > to assume that your time is off by that amount from the master.
No, half that amount. Round trip means exactly that! In an > environment without active attackers you would assume that the error is > a fair amount smaller, basically the estimate of the difference between > the two legs of the trip plus some allowance for jitter. If you > introduce attackers, you might have an underlying network that offers > near-zero latency, and all the latency you’re seeing is due to active > attack on one or the other legs of the round trip. > I doubt that the interference would be that close and you certainly cannot count on that. Danny _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
