[ntp:questions] Re: NTP sync

Brad Knowles brad.knowles at skynet.be
Tue Sep 23 17:08:33 UTC 2003


At 4:43 PM +0000 2003/09/23, David L. Mills wrote:

>                                   One conclusion is that time
>  synchronization must be the first service to bring up once network
>  transport and routing are running.

	That assumes that all applications are time-critical, to 
relatively high values of resolution.  In the case of the Mars 
Internet segment of the Interplanetary Internet, that's probably 
true.  Here on earth, there are many applications that are less 
sensitive to time differences.

>                                     You can't do anything else until
>  certificates and signatures are verified, and thus the synchronization
>  and cryptographic authentication must be bundled together. And, all this
>  must be managed in an environment where terrorists are flooding replays
>  and bogons and middlemen.

	Of course, anything involving crypto is likely to be pretty 
time-sensitive, and therefore should not be attempted until proper 
time synchronization is in place.  Or, at the very least, should be 
re-verified once proper time sync is operational.

	This places some strong design criteria on many applications that 
the application authors are likely to be ignorant of, which will 
probably cause us some serious problems.

-- 
Brad Knowles, <brad.knowles at skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)



More information about the questions mailing list