Sharon Goldberg writes:
> On Fri, Mar 25, 2016 at 5:09 AM, Harlan Stenn <[email protected]> wrote:
> > Can one have reliable IPSEC if the time is unknown?
> 
> Great point, but bootstrapping is a problem for NTS as well.
> 
> If time is unknown, certificates cannot be trusted, and NTS uses
> certificates for key establishment (KE). See my other email. "NTS:
> bootstrapping clients".

Yes, and this goes to having "enough" sources of time, and having proper
monitoring.

One of the key components of NTF's General Timestamp API is the "time
discontinuity counter" - a counter that increments on each time "step".
With proper logging, it becomes easier to track what's going on.  Also,
a system can maintain both relative and absolute clocks, and use this to
provide updated log timestamps in the face of changes to the absolute
timeline.

H

_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
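
An added example, not part of the original message and not the NTF General Timestamp API: a sketch of the logging idea described above, where each log line carries a relative clock reading and the discontinuity counter so that steps can be detected and earlier lines restamped. All names (`Record`, `Clock`, `tdc`, `detect_steps`, `restamp`) and the sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Record:
    mono: float   # relative clock: seconds since boot, never stepped
    wall: float   # absolute clock as believed when the line was written
    tdc: int      # time discontinuity counter when the line was written
    msg: str

class Clock:
    """Simulated clock pair; step() models a step of the absolute clock."""
    def __init__(self, wall_at_boot):
        self.mono, self.offset, self.tdc = 0.0, wall_at_boot, 0
    def advance(self, seconds):
        self.mono += seconds
    def step(self, delta):
        self.offset += delta
        self.tdc += 1          # every step of absolute time bumps the counter
    def stamp(self, msg):
        return Record(self.mono, self.mono + self.offset, self.tdc, msg)

def detect_steps(records):
    """Return (index, net step size) wherever the counter changed."""
    steps = []
    for i in range(1, len(records)):
        a, b = records[i - 1], records[i]
        if b.tdc != a.tdc:
            # Wall-clock movement not explained by elapsed relative time.
            steps.append((i, (b.wall - a.wall) - (b.mono - a.mono)))
    return steps

def restamp(records):
    """Re-express every record on the absolute timeline of the last record,
    assuming (for this sketch) that the latest timeline is the trusted one."""
    ref = records[-1]
    return [(ref.wall - (ref.mono - r.mono), r.msg) for r in records]

def demo():
    clock = Clock(wall_at_boot=0.0)             # constructed: boots with no idea of the time
    log = [clock.stamp("boot")]
    clock.advance(5); log.append(clock.stamp("ipsec: cert not yet valid"))
    clock.advance(5); clock.step(1458900000.0)  # constructed step after first sync
    log.append(clock.stamp("clock stepped"))
    clock.advance(2); log.append(clock.stamp("ipsec: tunnel up"))
    return log
```

If several steps occur between two adjacent log lines, `detect_steps` reports only their net size; the difference in `tdc` values gives how many steps happened.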
