[LEAPSECS] stale leap second information

Harlan Stenn stenn at ntp.org
Fri Jan 16 17:19:49 EST 2015


Warner Losh writes:
> ... Clients can use them to sort out source of truth to determine the
> truthiness of a given NTP servers information.
> 
> It will also allow you to leverage DNSSEC to get all the security 
> inherent in that. Oh wait :)

DNSSEC needs accurate time (just to state what I expect is obvious).

> Or you could sign the data with a public key that BIPM could publish
> so the data can be validated as authentic, though that only works if
> there's a convention for getting the signature for some
> canonical representation of the data.

All of this goes to the apparent lack of OS support for what should be
done when the time "steps" - those sort of events could be reason to
re-evaluate a significant class of timer events, which includes the need
to re-evaluate trust certificates, which may cause a reload of DNS and
other prior vetted information.
-- 
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!


More information about the LEAPSECS mailing list