[ntp:questions] questions Digest, Vol 79, Issue 37
uwe at klein-habertwedt.de
Mon May 23 10:47:43 UTC 2011
Kevin Coulombe wrote:
> Indeed, making it 100% secure is impossible. As long as the user control the
> hardware, there is always a way to crack it. We need to simply make it
> "difficult enough".
>>From the dicussion here, I think SSL is safe if we provide the client
> certificate. The only missing lego block is where to get the time from (as
> was pointed out, within a few hours is good enough). After reading your
> comments, it does seem like overkill to consider NTP for this. I would have
> prefered to query a server other than our own to have better uptime
> (Google's for example).
> Do you guys know a reliable known server that handles the time protocol
> through SSL?
Well except not checking the certificate here:
uwe at home:~> wget -S --no-check-certificate https://www.nist.gov
Resolving www.nist.gov... 22.214.171.124
Connecting to www.nist.gov|126.96.36.199|:443... connected.
WARNING: Certificate verification error for www.nist.gov: unable to get local issuer certificate
HTTP request sent, awaiting response...
HTTP/1.1 403 Forbidden
Date: Mon, 23 May 2011 10:44:17 GMT
Keep-Alive: timeout=15, max=100
Content-Type: text/html; charset=iso-8859-1
12:44:17 ERROR 403: Forbidden.
I suppose NIST, whitehouse.gov and similar sites do
reliably have "good" time.
More information about the questions