On 22/09/2016 12:52, Mirja Kuehlewind wrote:
----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------
"Each NTP clock has a set of N IP addresses. The assumption is that
the server information, including its multiple IP addresses is
known to the NTP clients."
A protocol specification should not make this assumption but describe a
mechanism how a client gets to know about these IP addresses.
The base NTP protocol gets the time server addresses by configuration,
and thus the assumption seems reasonable.
There is something of a chicken and egg problem here since the IP
address of the time servers needs to be securely known, but to run a
security protocol needs knowledge of the time. This observation may
well point to a security issue with the popular use of anycast domain
names in NTP configuration since it is difficult to see how you
authenticate DNS without prior access to time to validate a certificate
from the DNS server.
You might encourage the IETF to look at this conundrum, and indeed the IoT
folks would like a solution, but I don't think you can burden this draft
with solving the problem.
Regards
Stewart
_______________________________________________
TICTOC mailing list
TICTOC@ietf.org
https://www.ietf.org/mailman/listinfo/tictoc