gpsd-dev

Re: [gpsd-dev] Moving ntpd to an open VCS


From: Sanjeev Gupta
Subject: Re: [gpsd-dev] Moving ntpd to an open VCS
Date: Tue, 29 Oct 2013 02:22:13 +0800


On Tue, Oct 29, 2013 at 2:14 AM, Gary E. Miller <address@hidden> wrote:
> I musta missed something, when did ntpd servers start using certificates??

My understanding:

  1. My embedded system, without a battery-backed clock, boots
  2. I wish to avoid my ISP tampering with my DNS resolution (or other MitM attacks)
  3. I start ntpd
  4. ntpd looks for us.pool.ntp.org, or tick.navy.mil, etc.
  5. The local resolver gets an IP address for the hostnames above
  6. It needs to do DNSSEC checking, before it passes the IP address to ntpd
  7. Because the local clock is still 1 Jan 1970, or similar, the DNSSEC certs fail
  8. ntpd gets no answer to its request to resolve the names in ntp.conf
  9. So time stays stuck in 1970, etc

One could periodically check for working, reachable NTP servers, and place their IP addresses in ntp.conf, but it is such hard-coding that the Pool is trying to prevent.


--
Sanjeev Gupta
+65 98551208     http://www.linkedin.com/in/ghane
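
Step 7 of the message above, as an added example that is not part of the original post: DNSSEC signatures (RRSIG records, RFC 4034) carry an inception and an expiration time, and a validator compares both against the local clock. The record, owner name, key tag and signature bytes below are constructed, and the function names are this example's own.

```python
import calendar
import time

# Constructed sample RRSIG in presentation format (RFC 4034 section 3.2).
# RDATA order: type-covered alg labels orig-ttl expiration inception keytag signer sig
SAMPLE_RRSIG = (
    "pool.example. 300 IN RRSIG A 8 2 300 "
    "20131105000000 20131022000000 12345 example. c2lnbmF0dXJl"
)

def to_epoch(stamp):
    """Convert an RRSIG timestamp (YYYYMMDDHHmmSS or plain seconds) to epoch seconds."""
    if len(stamp) == 14:
        return calendar.timegm(time.strptime(stamp, "%Y%m%d%H%M%S"))
    return int(stamp)

def parse_validity(rrsig_line):
    """Return (inception, expiration) in epoch seconds from one RRSIG line."""
    fields = rrsig_line.split()
    rdata = fields[fields.index("RRSIG") + 1:]
    return to_epoch(rdata[5]), to_epoch(rdata[4])

def serial_lt(a, b):
    """'a < b' in RFC 1982 serial arithmetic on 32-bit values (RFC 4034 section 3.1.5)."""
    return a != b and ((b - a) % 2**32) < 2**31

def check_window(rrsig_line, now):
    """Classify the signature's validity window as seen by a clock reading `now`."""
    inception, expiration = (t % 2**32 for t in parse_validity(rrsig_line))
    now %= 2**32
    if serial_lt(now, inception):
        return "not-yet-valid"   # what a freshly booted 1970 clock sees
    if serial_lt(expiration, now):
        return "expired"
    return "valid"

if __name__ == "__main__":
    for label, clock in [("clock at 1 Jan 1970", 0),
                         ("clock at 29 Oct 2013", to_epoch("20131029000000")),
                         ("current system clock", int(time.time()))]:
        print(f"{label:22s} -> {check_window(SAMPLE_RRSIG, clock)}")
```
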
