[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gpsd-dev] Moving ntpd to an open VCS

From: Greg Troxel
Subject: Re: [gpsd-dev] Moving ntpd to an open VCS
Date: Tue, 29 Oct 2013 08:37:03 -0400
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.4 (berkeley-unix)

"Gary E. Miller" <address@hidden> writes:

> On Mon, 28 Oct 2013 07:25:20 -0400
> Greg Troxel <address@hidden> wrote:
>> To authenticate a time server, one needs to check some sort of
>> certificate and check the expiration/valid times (or else there is no
>> means of revocation).
> I musta missed something, when did ntpd servers start using certificates??
> I see nothing about that in the ntpd man page.

Sorry, didn't mean to say it did.  I meant that to really start from
nothing, with good security properties, something like that 

>> In addition, one needs to be very clear on whether the mechanisms used
>> to secure the routing infrastructure (e.g. OSPF MD5, IPsec for OSPF,
>> etc.) need time to function.   This leads to a hierarchy of how the
>> entire network system is bootstrapped.
> Yes, that is the bigger problem.  Which is why I always try to hard code
> the basics as much as possible.  Core network autoconfig at boot time is
> always a loser.

For actually operating today, I see your point.  But overall I see the
issue as a research problem :-)

Attachment: pgpTAaOjwWPHT.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]