>> sample
>> to validate the previous unauthenticated samples. If the offset
>> from the
>> first authenticated sample is not within some threshold of the
>> previous
>> samples then the older ones are thrown out. But if they are within
>> the
>> threshold they are accepted.
>
>My vote would be to put ideas like that on the back burner.
>
>It adds a layer of complexity it two places. That's an opportunity
>for bugs.
>
>One is the general NTP timekeeping area. The other is the security
>area.
I second this, with two reasons.
1) I agree with the statement about complexity in two places and am overall unsure whether the outlined idea has a good ratio of benefits to complexity costs.
2) I am fairly certain that any ideas like this should not concern either of the NTS-related documents. Whether/how to use any samples whose authenticity & integrity can *not* be verified by NTS should be out of scope for us.
Kristof
_______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
