On Tue, Aug 9, 2022 at 12:40 AM Hal Murray <halmurray+...@sonic.net> wrote:

> I work on NTP software.  NTS (Network Time Security) uses TLS.
>
> Many security schemes get tangled up with time.  TLS has time limits on
> certificates.  That presents a chicken-egg problem for NTP when getting
> started.
>

IIRC, this is one of the main arguments for advancing Roughtime:

https://datatracker.ietf.org/doc/draft-ietf-ntp-roughtime/

Assuming Roughtime is 'close enough', you can bootstrap NTP and then do
whatever else requires an accurate notion of the current time.

What Peter said isn't quite right, since (for example) you wouldn't want to
be obliged to distribute revocations for compromised but long-expired
certificates under the assumption that a properly-functioning client
wouldn't accept them anyway, but relying on Roughtime as a bootstrapping
mechanism limits the risk of trusting an expired cert.

Kyle
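The chicken-and-egg problem Hal describes and the bootstrapping approach Kyle sketches can be modelled in a few lines. The following is an added illustration, not code from either poster nor from any NTP or Roughtime implementation. It assumes a Roughtime-style answer is just a midpoint and an error radius (the real protocol also carries signatures and a wire format, which are not modelled here), and all timestamps and certificate windows are constructed sample values. The point it shows: a client that blindly trusts its local clock rejects a valid certificate when booted at 1970 and accepts an expired one when its clock is stale, while a client that first obtains a bounded coarse time and checks the certificate against the whole interval makes the right call or, when the bound is too loose, refuses to guess.

```python
"""Model of the time-bootstrapping problem for NTS-KE (TLS) certificate checks.

Hypothetical illustration (added example, not project code): a client whose
clock is untrusted first asks a coarse, bounded time source modelled on
Roughtime's midpoint + radius answer, then decides whether the NTS-KE
server's certificate lies inside its validity window for *every* time in
that interval.
"""
from dataclasses import dataclass
from typing import Callable, Tuple


@dataclass(frozen=True)
class TimeInterval:
    """Coarse time as an interval: the true time lies in
    [midpoint - radius, midpoint + radius] (seconds since the Unix epoch)."""
    midpoint: int
    radius: int

    @property
    def lo(self) -> int:
        return self.midpoint - self.radius

    @property
    def hi(self) -> int:
        return self.midpoint + self.radius


@dataclass(frozen=True)
class Validity:
    """The notBefore / notAfter window of a certificate (Unix seconds)."""
    not_before: int
    not_after: int


def classify(cert: Validity, now: TimeInterval) -> str:
    """Judge the certificate against every time inside the interval.

    'valid'     : the whole interval lies inside the window
    'expired'   : the whole interval lies after notAfter
    'not_yet'   : the whole interval lies before notBefore
    'ambiguous' : the interval straddles an edge of the window, so the
                  time source is not precise enough to decide
    """
    if now.lo > cert.not_after:
        return "expired"
    if now.hi < cert.not_before:
        return "not_yet"
    if cert.not_before <= now.lo and now.hi <= cert.not_after:
        return "valid"
    return "ambiguous"


def naive_check(cert: Validity, local_clock: int) -> bool:
    """What a client that blindly trusts its local clock does."""
    return cert.not_before <= local_clock <= cert.not_after


def bootstrap(cert: Validity, local_clock: int, clock_trusted: bool,
              coarse_source: Callable[[], TimeInterval],
              max_radius: int) -> Tuple[str, TimeInterval]:
    """Decide whether it is safe to start the NTS-KE TLS handshake.

    Returns (decision, time_used). A trusted local clock is used with
    radius 0; otherwise the coarse source is consulted. A coarse answer
    whose radius exceeds max_radius, or one that leaves the certificate
    'ambiguous', yields 'retry' rather than a guess in either direction.
    """
    if clock_trusted:
        now = TimeInterval(local_clock, 0)
    else:
        now = coarse_source()
        if now.radius > max_radius:
            return "retry", now
    verdict = classify(cert, now)
    if verdict == "valid":
        return "proceed", now
    if verdict == "ambiguous":
        return "retry", now
    return "reject", now


# ---- constructed sample data (not from any real server or certificate) ----
CERT = Validity(not_before=1_660_000_000, not_after=1_690_000_000)    # roughly Aug 2022 .. Jul 2023
EXPIRED_CERT = Validity(not_before=1_630_000_000, not_after=1_650_000_000)
REAL_NOW = 1_660_100_000        # the true current time, inside CERT's window
BOOT_CLOCK = 0                  # device booted with its clock at 1970
STALE_CLOCK = 1_640_000_000     # device whose clock stopped at its last shutdown


def fake_roughtime() -> TimeInterval:
    """Stands in for a Roughtime query (a real client would verify the
    server's signed response). Here: true time + 3 s, with a 10 s radius."""
    return TimeInterval(midpoint=REAL_NOW + 3, radius=10)


if __name__ == "__main__":
    print("naive, 1970 clock, valid cert :", naive_check(CERT, BOOT_CLOCK))
    print("naive, stale clock, expired   :", naive_check(EXPIRED_CERT, STALE_CLOCK))
    print("bootstrapped, valid cert      :", bootstrap(CERT, BOOT_CLOCK, False, fake_roughtime, 60))
    print("bootstrapped, expired cert    :", bootstrap(EXPIRED_CERT, STALE_CLOCK, False, fake_roughtime, 60))
```

The `max_radius` bound is the operator's definition of "close enough": a Roughtime answer wide enough to straddle a notBefore or notAfter edge is reported as `retry` so the client can query another server or wait, instead of silently trusting a certificate it cannot actually verify.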
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls