[ntp:hackers] A stop-gap authenticated time service

Harlan Stenn stenn at ntp.org
Mon Nov 16 01:56:58 UTC 2015


"Poul-Henning Kamp" writes:
> --------
> In message <56492730.8010604 at tmsw.no>, Terje Mathisen writes:
> 
> >> Here is a summary of the very crude proof-of-concept experiment
> >> I left simmering the last week:
> >>
> >> 	http://phk.freebsd.dk/time/20151115.html
> >>
> >To me this seems like an invitation to advocate bare-bones HTTPS service 
> >on as many pool servers as possible. The cheapest way to achieve this 
> >would be to make the pool a CA, i.e. avoiding the cost of normal 
> >Verisign etc certificates.
> 
> I'll leave it to others to design such public services, if we want
> to have one.  I have my hands (and calendar) plenty full as it is.
> 
> But *IF* we decide to go this route, we should push an RFC which
> nails down:
> 
> A) Which *exact* request is sent, how many times, how often.
> 
> B) How can HTTPS servers best say "Go Away" and mean it.
>    (https://google.com may not want to be time servers...)
> 
> C) What is the best answer to send (optional: "NTP:" HTTP header)
> 
> I'll happily lift the research and nail down the details, but I
> don't have time to learn the IETF-rituals and fly to the other
> end of the world for meetings.   I hope somebody skilled in
> that art will be willing to assist us.

What's the timetable?  This is something I'm happy to have NTF pursue.

> Poul-Henning
> 
> PS: Also, if any of you have HTTPS servers you can allow me to
>     test against I'd appreciate it.

We have a few of these.  Please let me know what you want.

-- 
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!