[ntp:questions] Authenticated TLS "constraints" in ntpd
Harlan Stenn
stenn at ntp.org
Thu Feb 12 20:12:05 UTC 2015
Miroslav Lichvar writes:
> On Wed, Feb 11, 2015 at 02:29:54PM +0100, Terje Mathisen wrote:
> > Jan Ceuleers wrote:
> > >I'd like to draw this list's attention to an idea that Reyk Floeter
> > >floated, namely to use TLS to help sanity-check NTP timestamps:
> > >
> > >http://marc.info/?l=openbsd-tech&m=142356166731390&w=2
> > >
> > Isn't public/private signed timestamps far better?
>
> It surely is, but NTP currently doesn't have a suitable authentication
> scheme for such use, does it?
>
> My understanding is this will change when the new Network Time
> Security (NTS) specification is implemented in NTP. Does anyone know
> how far it is? Is anyone working on it?
There is a decent chance it will be available before this summer.
H
More information about the questions
mailing list