On Tue, 18 Sep 2007 13:51:55 -0400
[EMAIL PROTECTED] wrote:

> On Tue, 18 Sep 2007 09:27:32 PDT, Bora Akyol said:
> >
> > It is not dependent on time. You'd like a protocol to be self
> > sufficient if at all possible.
> >
> > Moving the vulnerability of one protocol to another is not highly
> > desirable in general.
>
> The interesting failure mode is, of course, what happens when you're
> not in time sync, so the routing protocol falls over - and due to the
> lack of routing table entries, you become unable to reach your
> timesource.

I've been talking with Xin offline, and raised that exact point.

That said, in some security contexts there's little choice: you have to
have some way to assure that a message is fresh. There are other
choices in some environments, such as monotonically increasing counters
and challenge/response protocols; depending on other decisions and the
particular context, these may be worse or not even possible. For
example, if someone several hops away from the origination needs to
examine a signed *object*, a timestamp is probably better than a
counter, and challenge/response isn't even possible. That doesn't make
timestamps good -- and they do have many disadvantages -- but they may
be the only choice.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
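
The trade-off discussed in this thread, as an added example that is not code from any poster or from a routing protocol: a timestamp check needs no per-originator state but depends on the verifier's clock, while a counter check needs no clock but does need history. The key, the 300-second window, the message layout and all function names are assumptions, and an HMAC stands in for the signature a real signed object would carry.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; stands in for a signing key
MAX_AGE = 300                  # assumed freshness window, in seconds

def sign(payload: bytes, stamp: int) -> bytes:
    """Return stamp || payload || MAC; stamp is a timestamp or a counter."""
    body = struct.pack(">Q", stamp) + payload
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def _open(msg: bytes):
    """Verify the MAC; return (stamp, payload) or None if it does not verify."""
    body, tag = msg[:-32], msg[-32:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return struct.unpack(">Q", body[:8])[0], body[8:]

def fresh_by_timestamp(msg: bytes, local_clock: int) -> bool:
    """Stateless: any verifier can run it, but only with a correct clock.
    A skewed clock and a replayed message look the same to this check."""
    opened = _open(msg)
    return opened is not None and abs(local_clock - opened[0]) <= MAX_AGE

class CounterVerifier:
    """Clock-free, but must remember the last counter seen from the
    originator; a verifier with no history accepts any old object."""
    def __init__(self):
        self.last = -1

    def fresh(self, msg: bytes) -> bool:
        opened = _open(msg)
        if opened is None or opened[0] <= self.last:
            return False
        self.last = opened[0]
        return True
```
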