[ntp:questions] Re: NTP sync
brad.knowles at skynet.be
Tue Sep 23 17:08:33 UTC 2003
At 4:43 PM +0000 2003/09/23, David L. Mills wrote:
> One conclusion is that time
> synchronization must be the first service to bring up once network
> transport and routing are running.
That assumes that all applications are time-critical, to
relatively high values of resolution. In the case of the Mars
Internet segment of the Interplanetary Internet, that's probably
true. Here on earth, there are many applications that are less
sensitive to time differences.
> You can't do anything else until
> certificates and signatures are verified, and thus the synchronization
> and cryptographic authentication must be bundled together. And, all this
> must be managed in an environment where terrorists are flooding replays
> and bogons and middlemen.
Of course, anything involving crypto is likely to be pretty
time-sensitive, and therefore should not be attempted until proper
time synchronization is in place. Or, at the very least, should be
re-verified once proper time sync is operational.
This places some strong design criteria on many applications that
the application authors are likely to be ignorant of, which will
probably cause us some serious problems.
Brad Knowles, <brad.knowles at skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
More information about the questions