There is work in progress in the IETF on authenticated NTP. As far as I can tell, getting off the ground is a really hard problem. All the classical crypto work uses time to decide if the info you have is still valid and prevent replay attacks and things like that.
I think we should have a way for something dumb, like a toaster, to be able to get the right time. Another nasty case is a board that has been on the spares shelf for 10 years.

There is a specific proposal called NTS. The next to last draft is 40 pages. (I'm one behind.) It takes 6 packets to set things up. The last step uses a certificate chain so you need to know the time.

...

There is another proposal on how to use the above on NTP. (It's intended to cover PTP too.) The basic problem there is that the NTP packet format wasn't designed with extensions in mind.

It seems simple to me. Just grandfather the old magic lengths and make all the new stuff use TLV (type, length, value) type formats. But it hasn't settled down yet.

--
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
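
The "grandfather the old magic lengths, TLV for everything new" idea from the message above, as an added example that is not part of the original post and is not NTPsec code. Assumptions: the magic lengths are the 20- and 24-byte legacy MACs (4-byte key ID plus a 16- or 20-byte digest), each TLV has a 16-bit type and a 16-bit length that covers its own 4-byte header and is a multiple of 4, and `parse_ntp_trailer`, the sample bytes and the field type are constructed for illustration.

```python
import struct

HEADER_LEN = 48              # fixed NTP header
LEGACY_MAC_LENS = {20, 24}   # assumed magic lengths: key ID + 16- or 20-byte digest

def parse_ntp_trailer(packet: bytes):
    """Parse everything after the 48-byte header.

    Returns (extensions, mac): extensions is a list of (type, value) tuples,
    mac is (key_id, digest) or None. Malformed input raises ValueError.
    """
    if len(packet) < HEADER_LEN:
        raise ValueError("short packet")
    rest = packet[HEADER_LEN:]
    if len(rest) % 4:
        raise ValueError("trailer not 4-byte aligned")
    extensions = []
    # Grandfather rule: a remainder of exactly a legacy length is always a MAC,
    # so a final TLV of 20 or 24 bytes with no MAC after it cannot be expressed.
    while rest and len(rest) not in LEGACY_MAC_LENS:
        ftype, flen = struct.unpack("!HH", rest[:4])
        # Reject lengths that are too small, unaligned, or run past the packet.
        if flen < 4 or flen % 4 or flen > len(rest):
            raise ValueError(f"bad TLV length {flen}")
        extensions.append((ftype, rest[4:flen]))
        rest = rest[flen:]
    mac = None
    if rest:
        mac = (struct.unpack("!I", rest[:4])[0], rest[4:])
    return extensions, mac

# Constructed sample data (not captured traffic).
SAMPLE_HEADER = bytes(HEADER_LEN)
SAMPLE_EXT = struct.pack("!HH", 0x0104, 28) + b"A" * 24   # made-up field type
SAMPLE_MAC = struct.pack("!I", 7) + bytes(16)             # key ID 7, zero digest

if __name__ == "__main__":
    for name, pkt in [("plain", SAMPLE_HEADER),
                      ("legacy MAC", SAMPLE_HEADER + SAMPLE_MAC),
                      ("TLV + MAC", SAMPLE_HEADER + SAMPLE_EXT + SAMPLE_MAC)]:
        print(name, parse_ntp_trailer(pkt))
```
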