It's not clear to me what "1970, 2005, or similar" means?  Numbers with four 
digits?  Five syllables*?

Maybe it would be clearer to use some heuristic based on the set of dates on 
certs/ROAs?  Based on the assumption that the ROA issuers of the world will be 
reasonably well in sync with real time. 

If you're more than a few years off from the latest ROA issuance dates, then 
you're probably bogus.  Say, take the average issuance of the most recent 100 
ROAs and see if you're more than 5 years off.


* "Two thousand *and* five"

On Apr 25, 2011, at 10:55 PM, Randy Bush wrote:

> how about the following in draft-ymbk-bgpsec-ops?
> 
>   As a router must evaluate certificates and ROAs which are time
>   dependent, routers' clocks MUST be correct to a tolerance of
>   approximately an hour.
> 
>   If a router believes it has a bogus clock, e.g. if it is 1970, 2005, or
>   similar, it SHOULD NOT attempt to validate incoming updates.
> 
>   Servers SHOULD provide time service, such as NTP [RFC5905], to client
>   routers.
> 
> randy
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
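
Added example, not part of the original message or of the draft: a sketch of the heuristic proposed in the reply above (average the issuance times of the most recent 100 ROAs and treat the local clock as bogus if it is more than 5 years off). The function names, the use of each ROA's notBefore as its issuance time, and the sample data are assumptions.

```python
from datetime import datetime, timedelta, timezone
from statistics import mean

SAMPLE_SIZE = 100                    # "most recent 100 ROAs" from the message
MAX_SKEW = timedelta(days=5 * 365)   # "more than 5 years off"


def reference_time(issuance_times, sample_size=SAMPLE_SIZE):
    """Average issuance time of the newest `sample_size` ROAs, or None.

    Assumption: issuance_times are timezone-aware datetimes read from the
    objects (e.g. notBefore) WITHOUT any validity-period check, because the
    local clock is the thing in doubt.
    """
    recent = sorted(issuance_times, reverse=True)[:sample_size]
    if not recent:
        return None
    avg = mean(t.timestamp() for t in recent)
    return datetime.fromtimestamp(avg, tz=timezone.utc)


def clock_looks_bogus(now, issuance_times, max_skew=MAX_SKEW):
    """True if `now` is further than max_skew from the ROA reference time.

    Returns None when there are no ROAs to compare against, so the caller
    can tell "no evidence" apart from "clock looks fine".
    """
    ref = reference_time(issuance_times)
    if ref is None:
        return None
    return abs(now - ref) > max_skew


# Constructed sample: 150 ROAs, one issued per day, newest on 2011-04-20.
_NEWEST = datetime(2011, 4, 20, tzinfo=timezone.utc)
SAMPLE_ROA_TIMES = [_NEWEST - timedelta(days=i) for i in range(150)]

if __name__ == "__main__":
    for year in (1970, 2005, 2011, 2020):
        now = datetime(year, 4, 25, tzinfo=timezone.utc)
        verdict = clock_looks_bogus(now, SAMPLE_ROA_TIMES)
        print(year, "bogus clock" if verdict else "plausible")
```

The check is symmetric, so a clock that is years ahead of the ROA population is flagged as well as one that has reset to 1970.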
