Chris Albertson <albertson.ch...@gmail.com> wrote: > On Thu, Mar 24, 2011 at 2:26 PM, <j...@specsol.spam.sux.com> wrote: > > >> When I see questions like this my first response is "Why all the bother?". >> >> There is nothing secret or proprietary about the time of day. > > > Security is so that you know you are not being spoofed. Or if you are > providing the time so that you can prove to your users that you are > who you claim to be and are not spoofing them.
The question was about clients authenticating to the server. See below. > There is the chance that someone might "impersonate" one of your > servers or a server you use. and then make a computer's clock be set > to the wrong time. Again "who cares" if you only use your computer > to serf the web and read emails but what if you were a bank processing > ATM or visa card transactions or worse a computer routing trans or > airplanes or controlling stop lights. > > If I were smart enough to remotely control a computer's time, then I > could maybe make stock trades with an effective trade date of four > hours ago. I could make a fortune. If the time on a client is that important, you run multiple local servers with backup like a GPS NTP box and you don't depend on getting the time across the Internet. If the time on a client is only "kind of" important, you still run multiple servers, which means a majority of your servers would have to be spoofed in sync before it would have any effect on the clients. If your clients and server are on your local network, it is not very likely your servers are going to be spoofed, and if it is you have bigger issues than the time of day. -- Jim Pennino Remove .spam.sux to reply. _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
