Tony Finch wrote:
> I have the beginnings of a solution to this problem. It is based on using
> tlsdate, which gets the time from a server with minimal risk of
> interference by a man-in-the-middle.
TLS is another PKI and is inherently insecure as CAs can be
compromised.
As David Conrad wrote in this thread:
> How does a 32 or 64 bit message ID protect you from on-path
> MITM/injection attacks?
we should assume local ISP can be compromised.
Then, as compromising a CA is just as easy as compromising
an ISP, PKIs, including but not limited to DNSSEC and TLS,
are inherently insecure.
Worse, tlsdate has a chicken and egg problem. Without secure
clock, how can you be sure that certificate for tlsdate is
still valid?
> If you get the time from several
> diverse servers you can be very sure you have the right time if enough
> of them agree.
It is not more secure than using multiple NTP servers with
plain NTP.
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
