Closed trishankkarthik closed 4 years ago
What about mirrors and proxies? Unfortunately, I cannot remember the point @dstufft was making here.
Metadata is useless after ~5 minutes, but that requires the clocks on PyPI and the client to be synchronized. In the real world people's clocks could be vastly skewed.
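The clock-skew problem raised in the comment above, as an added example that is not part of the original thread or of TUF's code. It classifies what a client with a skewed clock decides about metadata that lives for 5 minutes; the function names and the sample timestamps are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# The "~5 minutes" lifetime from the comment above (assumed to be exact here).
METADATA_LIFETIME = timedelta(minutes=5)


def client_verdict(signed_at, true_now, client_skew):
    """Classify the expiry decision of a client whose clock is off by client_skew.

    Positive skew: the client clock runs ahead of the repository clock.
    Negative skew: the client clock runs behind it.
    """
    expires = signed_at + METADATA_LIFETIME
    client_now = true_now + client_skew           # what the client believes
    actually_expired = true_now >= expires        # ground truth
    client_says_expired = client_now >= expires   # client's local check

    if client_says_expired and not actually_expired:
        return "false-reject"      # fresh metadata refused, updates break
    if actually_expired and not client_says_expired:
        return "stale-accepted"    # expired metadata still trusted
    return "rejected" if client_says_expired else "accepted"


def stale_window(client_skew):
    """How long past real expiry a client keeps accepting the metadata."""
    return max(timedelta(0), -client_skew)


if __name__ == "__main__":
    # Constructed sample timestamp, not taken from the thread.
    signed = datetime(2013, 10, 25, 12, 0, tzinfo=timezone.utc)
    cases = [
        (timedelta(minutes=1), timedelta(0)),           # in sync, fresh
        (timedelta(minutes=6), timedelta(0)),           # in sync, expired
        (timedelta(minutes=1), timedelta(minutes=10)),  # client 10 min ahead
        (timedelta(hours=1), timedelta(hours=-2)),      # client 2 h behind
    ]
    for age, skew in cases:
        verdict = client_verdict(signed, signed + age, skew)
        print(f"age={age} skew={skew} -> {verdict} "
              f"(stale window {stale_window(skew)})")
```

A client whose clock runs behind extends the period in which old metadata is accepted by the size of the skew, while a client whose clock runs ahead refuses metadata that is still valid.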
Yeap, I understand that. I think I should have rather said I cannot remember why we had talked about mirrors and proxies...how would they affect this problem?
It's more that we need to account for these situations. Maybe this should have been a separate comment.
On Fri, Oct 25, 2013 at 10:02 PM, Trishank Karthik Kuppusamy <notifications@github.com> wrote:
Yeap, I understand that. I think I should have rather said I cannot remember why we had talked about mirrors and proxies...how would they affect this problem?
Secure NTP or a secure NTP replacement is a very difficult problem. Nearly as difficult as "we need a secure update framework". ;)
NTP is unauthenticated by default. It is difficult (impossible) to make it authenticated for the public use case. And autokey (NTP authentication) is flawed. Although not everything on the following page will 100% apply to you, there is quite a lot of information and references on the topic of secure timesync on this page (which was also written by me): https://www.whonix.org/wiki/Dev/TimeSync
Need to look at roughtime at some point
Also have a look at https://www.whonix.org/wiki/Sdwdate
Thanks for the tip!
Out of the scope of TUF
According to @JustinCappos: