[ntp:hackers] A stop-gap authenticated time service
stenn at ntp.org
Mon Nov 16 01:56:58 UTC 2015
"Poul-Henning Kamp" writes:
> In message <56492730.8010604 at tmsw.no>, Terje Mathisen writes:
> >> Here is a summary of the very crude proof-of-concept experiment
> >> I left simmering the last week:
> >> http://phk.freebsd.dk/time/20151115.html
> >To me this seems like an invitation to advocate bare-bones HTTPS service
> >on as many pool servers as possible, the cheapest way to achieve this
> >would be to make the pool a CA, i.e. avoiding the cost of normal
> >Verisign etc certificates.
> I'll leave it to others to design such public services, if we want
> to have one. I have my hands (and calendar) plenty full as it is.
> But *IF* we decide to go this route, we should push an RFC which
> nails down:
> A) Which *exact* request is sent, how many times, how often.
> B) How can HTTPS servers best say "Go Away" and mean it.
> (https://google.com may not want to be time servers...)
> C) What is the best answer to send (optional: "NTP:" HTTP header)
> I'll happily lift the research and nail down the details, but I
> don't have time to learn the IETF-rituals and fly to the other
> end of the world for meetings. I hope somebody skilled in
> that art will be willing to assist us.

What's the timetable? This is something I'm happy to have NTF pursue.

> PS: Also, if any of you have HTTPS servers you can allow me to
> test against I'd appreciate it.

We have a few of these. Please let me know what you want.

Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!