[email protected] said:
> I suggest that NTS should encourage users to write the current time to a
> persistent file that is available upon reboot. This should be overwritten
> on every clock update. Then, when the client reboots, it can check that
> the expiry time of the certificates is no earlier than the last time
> written to the persistent file. This limits the impact of attackers that use
> old compromised certificates to break the security of NTS.

I think the issue of getting started is much more complicated than that. It probably deserves a separate document to collect all the ideas.

Individual documents like NTS should be explicit about what they are assuming. Do they need valid (how close?) time or valid certificates or ???

The above paragraph assumes the system has a writable file system.

The "every clock update" may be too expensive for some systems.

What happens the first time? Even if you assume that file was sanely initialized at the factory, the unit may have sat on a shelf for a long time.

What do you do if your clock gets set far into the future?

-- 
These are my opinions. I hate spam.

_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
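
The check proposed in the quoted text, run against the cases the reply raises, as an added example that is not part of the original thread. The JSON file layout, MIN_WRITE_INTERVAL and all function names are assumptions made for illustration; the sample dates are constructed.

```python
import json, os, tempfile
from datetime import datetime, timedelta, timezone
# Assumption: cap write frequency, since "every clock update" may be too costly.
MIN_WRITE_INTERVAL = timedelta(hours=1)

def load_floor(path):
    """Return the persisted time, or None (first boot, no writable FS, corrupt file)."""
    try:
        with open(path) as f:
            return datetime.fromisoformat(json.load(f)["last_time"])
    except (OSError, ValueError, KeyError, TypeError):
        return None

def save_floor(path, now, floor):
    """Atomically persist `now`; skip writes that are too frequent or go backwards."""
    if floor is not None and now - floor < MIN_WRITE_INTERVAL:
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        json.dump({"last_time": now.isoformat()}, f)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)  # rename so a power cut never leaves a half-written file
    return True

def cert_acceptable(not_after, floor):
    """Quoted check: certificate expiry must be no earlier than the persisted time."""
    if floor is None:
        return None  # undecided: the caller needs another way to bootstrap
    return not_after >= floor

def demo():
    # Constructed sample values, not taken from the thread.
    path = os.path.join(tempfile.mkdtemp(), "last_time.json")
    t0 = datetime(2016, 1, 1, tzinfo=timezone.utc)
    fresh_cert = t0 + timedelta(days=90)
    results = {"first_boot": cert_acceptable(fresh_cert, load_floor(path))}
    save_floor(path, t0, None)
    floor = load_floor(path)
    results["old_cert"] = cert_acceptable(t0 - timedelta(days=30), floor)
    results["fresh_cert"] = cert_acceptable(fresh_cert, floor)
    # Clock wrongly set ten years ahead and persisted: the floor now rejects
    # a certificate that is actually valid, and it never moves back on its own.
    save_floor(path, t0 + timedelta(days=3650), floor)
    results["after_future_clock"] = cert_acceptable(fresh_cert, load_floor(path))
    return results

if __name__ == "__main__":
    print(demo())
```

The check returns None, rather than a pass, when no persisted time can be read, so the first-boot and read-only cases stay visible to the caller instead of being silently accepted.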
