On 26/04/11 12:55 PM, "Randy Bush" <ra...@psg.com> wrote:

> how about the following in draft-ymbk-bgpsec-ops?
> 
>    As a router must evaluate certificates and ROAs which are time
>    dependent, routers' clocks MUST be correct to a tolerance of
>    approximately an hour.

So what you are allowing here is a clock signing/validation drift of +/- 60
minutes, yeah?

> 
>    If a router believes it has a bogus clock, e.g. if it is 1970, 2005, or
>    similar, it SHOULD NOT attempt to validate incoming updates.

My guess here is you mean that the clock hasn't been set, based on your
example. Might be best just to say that if a clock isn't stratum 1 or 2 (or
something) NTP sourced then validation should be postponed.

Otherwise I find it difficult to consume how a router itself will know if
its clock has a drift of over an hour, especially if its NTP source is
wrong.

> 
>    Servers SHOULD provide time service, such as NTP [RFC5905], to client
>    routers.
> 


Does this need to be said if you are making a MUST statement for NTP?

Terry

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
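
As an added example (not part of the original email or of draft-ymbk-bgpsec-ops), the sketch below gates validation on clock plausibility in the way the thread discusses. The build-date floor, the stratum threshold applied to the router's NTP source, and the choice to widen the validity window by the one-hour tolerance are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from enum import Enum

TOLERANCE = timedelta(hours=1)   # "approximately an hour" from the quoted draft text
MAX_SOURCE_STRATUM = 2           # assumption: the "stratum 1 or 2" idea from the reply


def utc(*args):
    """Helper: build a timezone-aware UTC datetime."""
    return datetime(*args, tzinfo=timezone.utc)


BUILD_FLOOR = utc(2011, 4, 1)    # constructed value: image build date, used as a floor


class Decision(Enum):
    VALID = "valid"
    INVALID = "invalid"
    POSTPONE = "postpone"        # clock not trusted, do not attempt validation


def clock_trusted(now, ntp_synced, source_stratum):
    """Local plausibility check only.

    It catches an unset clock (1970, 2005, ...) and a missing or distant
    NTP source. It cannot catch a synced source that is itself wrong.
    """
    if now < BUILD_FLOOR:
        return False
    if not ntp_synced or source_stratum is None:
        return False
    return 1 <= source_stratum <= MAX_SOURCE_STRATUM


def evaluate(now, not_before, not_after, ntp_synced, source_stratum):
    """Decide on one time-dependent object (certificate or ROA)."""
    if not clock_trusted(now, ntp_synced, source_stratum):
        return Decision.POSTPONE
    # Assumed policy: the local clock may be off by up to TOLERANCE either
    # way, so an object within that margin of its window is still accepted.
    if not_before - TOLERANCE <= now <= not_after + TOLERANCE:
        return Decision.VALID
    return Decision.INVALID
```

A synced source that reports the wrong time still passes `clock_trusted`, so the decision is only as good as the time source, which is the limitation raised in the reply.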
