[ntp:hackers] A stop-gap authenticated time service
phk at phk.freebsd.dk
Mon Nov 16 01:08:19 UTC 2015
In message <56492730.8010604 at tmsw.no>, Terje Mathisen writes:

>> Here is a summary of the very crude proof-of-concept experiment
>> I left simmering the last week:

>To me this seems like an invitation to advocate bare-bones HTTPS service
>on as many pool servers as possible, the cheapest way to achieve this
>would be to make the pool a CA, i.e. avoiding the cost of normal
>Verisign etc certificates.

I'll leave it to others to design such public services, if we want
to have one. I have my hands (and calendar) plenty full as it is.

But *IF* we decide to go this route, we should push an RFC which

A) Which *exact* request is sent, how many times, how often.
B) How can HTTPS servers best say "Go Away" and mean it.
   (https://google.com may not want to be time servers...)
C) What is the best answer to send (optional: "NTP:" HTTP header)

I'll happily lift the research and nail down the details, but I
don't have time to learn the IETF-rituals and fly to the other
end of the world for meetings. I hope somebody skilled in
that art will be willing to assist us.

PS: Also, if any of you have HTTPS servers you can allow me to
test against I'd appreciate it.
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.