Warner Losh writes: > ... Clients can use them to sort out source of truth to determine the > truthiness of a given NTP servers information. > > It will also allow you to leverage DNSSEC to get all the security > inherent in that. Oh wait :)
DNSSEC needs accurate time (just to state what I expect is obvious). > Or you could sign the data with a public key that BIPM could publish > so the data can be validated as authentic, though that only works if > there's a convention for getting the signature for some > canonical representation of the data. All of this goes to the apparent lack of OS support for what should be done when the time "steps" - those sort of events could be reason to re-evaluate a significant class of timer events, which includes the need to re-evaluate trust certificates, which may cause a reload of DNS and other prior vetted information. -- Harlan Stenn <[email protected]> http://networktimefoundation.org - be a member! _______________________________________________ LEAPSECS mailing list [email protected] https://pairlist6.pair.net/mailman/listinfo/leapsecs
