I agree with Hal that this problem is quite complicated. My suggestion was just meant to deal with a very easy case.
On Thursday, March 31, 2016, Hal Murray <[email protected]> wrote: > > [email protected] <javascript:;> said: > > I suggest that NTS should encourage users to write the current time to a > > persistent file that is available upon reboot. This should be > overwritten > > on every clock update. Then, when the client reboots, it can check > that > > the expiry time of the certificates is no earlier than the last time time > > written to the presisent file. This limits the impact of attackers that > use > > old compromised certificates to break the security of NTS. > > I think the issue of getting started is much more complicated than that. > > It probably deserves a separate document to collect all the ideas. > Individual documents like NTS should be explicit about what they are > assuming. Do they need valid (how close?) time or valid certificates or > ??? > > The above paragraph assumes the system has a writable file system. The > "every clock update" may be too expensive for some systems. > > What happens the first time? Even if you assume that file was sanely > initialized at the factory, the unit may have sat on a shelf for a long > time. > > What do you do if your clock gets set far into the future? > > > -- > These are my opinions. I hate spam. > > > > _______________________________________________ > ntpwg mailing list > [email protected] <javascript:;> > http://lists.ntp.org/listinfo/ntpwg > > -- Sharon Goldberg Computer Science, Boston University http://www.cs.bu.edu/~goldbe
_______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
