[ntp:questions] questions Digest, Vol 79, Issue 37

Uwe Klein uwe at klein-habertwedt.de
Mon May 23 10:47:43 UTC 2011


Kevin Coulombe wrote:
> Hi,
> 
> Indeed, making it 100% secure is impossible. As long as the user control the
> hardware, there is always a way to crack it. We need to simply make it
> "difficult enough".
> 
>>From the dicussion here, I think SSL is safe if we provide the client
> certificate. The only missing lego block is where to get the time from (as
> was pointed out, within a few hours is good enough). After reading your
> comments, it does seem like overkill to consider NTP for this. I would have
> prefered to query a server other than our own to have better uptime
> (Google's for example).
> 
> Do you guys know a reliable known server that handles the time protocol
> through SSL?
> 


Well except not checking the certificate here:

uwe at home:~> wget -S --no-check-certificate https://www.nist.gov
--12:44:16--  https://www.nist.gov/
            => `index.html.1'
Resolving www.nist.gov... 129.6.13.45
Connecting to www.nist.gov|129.6.13.45|:443... connected.
WARNING: Certificate verification error for www.nist.gov: unable to get local issuer certificate
HTTP request sent, awaiting response...
   HTTP/1.1 403 Forbidden
   Date: Mon, 23 May 2011 10:44:17 GMT
   Server: Apache
   Content-Length: 202
   Keep-Alive: timeout=15, max=100
   Connection: Keep-Alive
   Content-Type: text/html; charset=iso-8859-1
12:44:17 ERROR 403: Forbidden.

I suppose NIST, whitehouse.gov and similar sites do
reliably have "good" time.


uwe




More information about the questions mailing list