[ntp:questions] Authenticated TLS "constraints" in ntpd

Harlan Stenn stenn at ntp.org
Thu Feb 12 20:12:05 UTC 2015


Miroslav Lichvar writes:
> On Wed, Feb 11, 2015 at 02:29:54PM +0100, Terje Mathisen wrote:
> > Jan Ceuleers wrote:
> > >I'd like to draw this list's attention to an idea that Reyk Floeter
> > >floated, namely to use TLS to help sanity-check NTP timestamps:
> > >
> > >http://marc.info/?l=openbsd-tech&m=142356166731390&w=2
> > >
> > Isn't public/private signed timestamps far better?
> 
> It surely is, but NTP currently doesn't have a suitable authentication
> scheme for such use, does it?
> 
> My understanding is this will change when the new Network Time
> Security (NTS) specification is implemented in NTP. Does anyone know
> how far it is? Is anyone working on it?

There is a decent chance it will be available before this summer.

H


More information about the questions mailing list