(hate to jump into the fray, but...)

On Tue, Apr 26, 2011 at 1:30 AM, Randy Bush <ra...@psg.com> wrote:
> so, i have hacked
>
>    As a router must evaluate certificates and ROAs which are time
>    dependent, routers' clocks MUST be correct to a tolerance of
>    approximately an hour.

does there need to be a 'why' for the 'approximately an hour'? (like: "since granularity of cert time-to-live's is 30 mins on the minimum side" ... wordsmith or whatever as appropriate)

>    If a router has reason to believe its clock is seriously incorrect, it

'has reason to believe' ... seems hard to do, if you are insane, how do you know? I don't know how a router would know this, or determine it.. unless some protocol it's speaking gives it time-hints. Would it be appropriate to hack in a timehack to the rpki-rtr protocol? (featurecreeper!)

>    SHOULD NOT attempt to validate incoming updates.  It SHOULD defer
>    validation until it believes it is within reasonable time tolerance.
>
>    Servers SHOULD provide time service, such as NTP [RFC5905], to client
>    routers.

it seems that 'SHOULD' here may lead into forcing (or appearing to force) ops to do something they don't already do (or perhaps wouldn't want to do... jigsaw with logs is fun!), maybe that's what's gotten at least terry's attention?

-Chris
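The deferral rule in the quoted draft text, sketched as an added example that is not part of the original message or of the draft. The external time hints, the function names and all sample timestamps are assumptions constructed for illustration; the one-hour tolerance is the figure from the quoted text.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

TOLERANCE = timedelta(hours=1)  # "approximately an hour" in the quoted draft text


def estimate_skew(local_now, time_hints):
    """Median of (local clock - hint) over external hints, or None without hints.

    time_hints is a hypothetical input: timestamps learned from outside the
    router, for example from a time service offered by its cache server.
    """
    if not time_hints:
        return None
    offsets = [(local_now - hint).total_seconds() for hint in time_hints]
    return timedelta(seconds=median(offsets))


def validation_decision(local_now, time_hints, not_before, not_after):
    """Return 'defer', 'valid' or 'invalid' for one time-dependent object."""
    skew = estimate_skew(local_now, time_hints)
    # Only an external hint can give the router "reason to believe" its clock
    # is seriously incorrect; in that case validation is deferred.
    if skew is not None and abs(skew) > TOLERANCE:
        return "defer"
    # Without hints the router has to trust its own clock, right or wrong.
    return "valid" if not_before <= local_now <= not_after else "invalid"


# Constructed sample: an object that is still valid for two more hours.
TRUE_NOW = datetime(2011, 4, 26, 12, 0, tzinfo=timezone.utc)
NOT_BEFORE = TRUE_NOW - timedelta(days=30)
NOT_AFTER = TRUE_NOW + timedelta(hours=2)
HINTS = [TRUE_NOW + timedelta(seconds=s) for s in (-2, 1, 3)]
GOOD_CLOCK = TRUE_NOW + timedelta(minutes=5)  # within tolerance
BAD_CLOCK = TRUE_NOW + timedelta(hours=3)     # three hours fast

if __name__ == "__main__":
    cases = [("good clock, hints", GOOD_CLOCK, HINTS),
             ("bad clock, hints", BAD_CLOCK, HINTS),
             ("bad clock, no hints", BAD_CLOCK, [])]
    for label, clock, hints in cases:
        print(label, "->", validation_decision(clock, hints, NOT_BEFORE, NOT_AFTER))
```

The third case is the one the reply raises: with no outside time source, a router running three hours fast has no reason to doubt its clock and marks a still-valid object as invalid.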