"Bootstrap" protocol

[fiestajetsam]

Ulrich writes:

Should some kind of "boot protocol" be part of the specification? Meaning: If the client has no idea what the current time is, how can the "chicken-egg paradoxon" be solved (time required to check authentication, authentic responses needed to trust the time sent). I think in times of "IoT" this might be an important aspect (in the past "servers" had a battery backed up clock, or a trusted operator that sets/verifies/checks the clock on boot).

I disagree, thinking this should be left out of protocol spec but should be BCP'd as different deployments and implementations will have different requirements.

[fiestajetsam]

I'm not convinced this should be part of the document - deployment considerations, use of other backup sources of time or other protocols is by in large out of scope.