On 8/11/2022 1:54 PM, Benjamin Kaduk wrote:
> On Thu, Aug 11, 2022 at 12:35:23PM -0700, Christian Huitema wrote:
>> Isn't the ANIMA WG working on these scenarios? If there is a formal
>> "enrollment" process for adding a device to a network, that process could
>> include setting the time, and possibly performing updates. I say "possibly"
>> here, because in scenarios like "disaster recovery", the local network may
>> not have global connectivity. But even so, setting the time during
>> enrollment seems logical.
> https://www.rfc-editor.org/rfc/rfc8995.html#section-2.6 seems to already
> have some discussion of how to handle the lack of a(n accurate) real-time
> clock, yes.
There is a bit of a missed opportunity here. That section explains how
to perform enrollment despite not having a good notion of time on the
device, but it does not explain how the device could use enrollment to
reset its clocks. Maybe that's obvious and I am just missing it. For
example, the device will get some notion of time from the dates in the
certificates that are provisioned during enrollment. Maybe that's enough
to move from the 10-year scenario to the one-year scenario, and then
call NTP. But it would probably be better to spell it out.
-- Christian Huitema
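The idea in the message above, as an added illustration that is not part of the thread or of RFC 8995: a device whose clock is untrusted derives a coarse time window from the validity periods of the certificates it received during enrollment, and only then hands off to NTP for refinement. The certificate names and dates below are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed sample: validity windows (name, notBefore, notAfter) of the
# certificates a newly enrolled device holds. Hypothetical values.
PROVISIONED_CERTS = [
    ("domain-ca",     datetime(2021, 3, 1, tzinfo=UTC),   datetime(2031, 3, 1, tzinfo=UTC)),
    ("registrar",     datetime(2022, 6, 15, tzinfo=UTC),  datetime(2024, 6, 15, tzinfo=UTC)),
    ("device-ldevid", datetime(2022, 8, 10, tzinfo=UTC),  datetime(2023, 8, 10, tzinfo=UTC)),
]


def time_bounds(certs):
    """Window in which 'now' must lie if every provisioned cert is currently valid."""
    lower = max(not_before for _, not_before, _ in certs)  # all certs already valid
    upper = min(not_after for _, _, not_after in certs)    # none has expired yet
    if lower > upper:
        raise ValueError("provisioned certificates share no validity window")
    return lower, upper


def clock_uncertainty(certs):
    """Width of that window: how far off the coarse clock can be before NTP runs."""
    lower, upper = time_bounds(certs)
    return upper - lower


def bootstrap_clock(device_now, certs):
    """Coarse reset: keep the device clock if it falls inside the window,
    otherwise move it to the conservative lower bound. Returns (time, adjusted)."""
    lower, upper = time_bounds(certs)
    if lower <= device_now <= upper:
        return device_now, False
    return lower, True


if __name__ == "__main__":
    factory_default = datetime(1970, 1, 1, tzinfo=UTC)  # clock never set
    now, adjusted = bootstrap_clock(factory_default, PROVISIONED_CERTS)
    print(f"clock -> {now.isoformat()} (adjusted={adjusted}), "
          f"remaining uncertainty {clock_uncertainty(PROVISIONED_CERTS).days} days")
```

After the coarse reset the clock is wrong by at most the window width, which is what makes a subsequent NTP exchange and its certificate checks meaningful.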
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls