Tony Finch wrote: > I have the beginnings of a solution to this problem. It is based on using > tlsdate, which gets the time from a server with minimal risk of > interference by a man-in-the-middle.
TLS is another PKI and is inherently insecure as CAs can be compromised. As David Conrad wrote in this thread: > How does a 32 or 64 bit message ID protect you from on-path > MITM/injection attacks? we should assume local ISP can be compromised. Then, as compromising a CA is just as easy as compromising an ISP, PKIs, including but not limited to DNSSEC and TLS, are inherently insecure. Worse, tlsdate has a chicken and egg problem. Without secure clock, how can you be sure that certificate for tlsdate is still valid? > If you get the time from several > diverse servers you can be very sure you have the right time if enough > of them agree. It is not more secure than using multiple NTP servers with plain NTP. Masataka Ohta _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop