[ntp:hackers] A stop-gap authenticated time service
phk at phk.freebsd.dk
Mon Nov 9 23:29:12 UTC 2015
In message <56411A3C.1000106 at rubidium.dyndns.org>, Magnus Danielson writes:
>> I don't look into the RTT at all (for that and other reasons).
>> What you can do is increase my uncertainty window.
>If you create a slowly increasing asymmetric delay, very slow.
It is trival to raise an alarm when a HTTPS request which should
be sub second suddenly takes a minute.
In more general terms there is no way we can guarantee to know what
time it is, but we can avoid yanking the clock around to bogus input
and alert people that something shady is going on.
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the hackers