[ntp:hackers] A stop-gap authenticated time service

Danny Mayer mayer at ntp.org
Mon Nov 16 14:38:52 UTC 2015


On 11/15/2015 8:41 PM, Hal Murray wrote:
>> (This obviously requires pool.ntp.org to support DNSSEC!)
> 
> I think DNSSEC requires time.  Is anybody who understands this area willing 
> to explain it to me/us?
> 

Yes, but I don't think that the pool DNS servers can use DNSSEC because
of the way it responds to queries for A/AAAA records. That would take
some research.

> Does the full blown HTTPS stuff depend upon knowing the time?

Of course. The certificates have expiration dates and if you don't know
the time how will you validate the certificate?

Danny
(with DNS hat on)




More information about the hackers mailing list