On Thu, Mar 31, 2016 at 12:37:40PM -0400, Sharon Goldberg wrote: > > Re: using unauthenticated time samples. > > Leaving this out of scope gives uses just enough rope to hang themselves. > The draft should explain the risks and implication of using unathenticated > time. As I discussed in my previous email, doing this allows even a > *boosttrapped* client to be attacked. I would even suggest that the draft > use MUST to forbid the use of unauthenticated samples. If this is already > in the draft and I have missed it, please accept my apologies.
I think the point about the local policy is that you might not have any servers that support NTS, and that you should probably have a config file that says it should be available or not. I guess you could have 3 modes of operations: 1) Don't do NTS at all 2) NTS must be supported (by at least some peers) 3) We don't know if NTS is going to be available or not, but we want to use it if it is. I'm not sure how useful the 3rd option is. I currently only see this working with a config file that doesn't use the pool. But I think software should probably have that as default option if it's using other peers than the pool, at least when NTS is still new. Kurt _______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
