[ntp:questions] Re: Cryptography

Hal Murray hmurray at suespammers.org
Fri Dec 12 17:42:35 UTC 2003


>That's what I'm trying to figure out how to avoid -- can the clients
>get trustworthy information from the stratum 1 without talking to it?

Sure, in some sense.  If you get the S1 key by some out-of-band
distribution channel, then you can verify data from that server,
even if it is relayed through other servers.

But you can't verify when you are getting it relative to when it
was sent unless both ends have the same idea of time.  And if you
know the time, you wouldn't need the services of a S1 time server.

I think any schemes to reduce the load on the server will also reduce
how much information (about the time) you can get from the server.

It might be good enough to poke the server occasionally and verify
that the S2/S3 servers you are using are not obviously cheating.
But they could still lead you off by a small amount, say 100 ms if
your check is only good for 250 ms.  That sort of approach might
be good enough to catch things like GPS leap second glitches, but
you can probably filter them out with just your local clock.


This problem area seems related to securely distributing info
(say DNS) where it really helps for both systems to have the same
time.

-- 
The suespammers.org mail server is located in California.  So are all my
other mailboxes.  Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's.  I hate spam.




More information about the questions mailing list