[ntp:hackers] A stop-gap authenticated time service

Poul-Henning Kamp phk at phk.freebsd.dk
Mon Nov 16 01:08:19 UTC 2015

In message <56492730.8010604 at tmsw.no>, Terje Mathisen writes:

>> Here is a summary of the very crude proof-of-concept experiment
>> I left simmering the last week:
>> 	http://phk.freebsd.dk/time/20151115.html
>To me this seems like an invitation to advocate bare-bones HTTPS service 
>on as many pool servers as possible; the cheapest way to achieve this 
>would be to make the pool a CA, i.e. avoiding the cost of normal 
>Verisign etc. certificates.

I'll leave it to others to design such public services, if we want
to have one.  I have my hands (and calendar) plenty full as it is.

But *IF* we decide to go this route, we should push an RFC which
nails down:

A) Which *exact* request is sent, how many times, how often.

B) How can HTTPS servers best say "Go Away" and mean it.
   (https://google.com may not want to be time servers...)

C) What is the best answer to send (optional: "NTP:" HTTP header)

I'll happily lift the research and nail down the details, but I
don't have time to learn the IETF-rituals and fly to the other
end of the world for meetings.   I hope somebody skilled in
that art will be willing to assist us.


PS: Also, if any of you have HTTPS servers you can allow me to
    test against I'd appreciate it.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
