In message <20070108105925.GA19303_at_fysh.org>, Zefram writes:
>Poul-Henning Kamp wrote:
>>We certainly don't want to transmit the leap-second table with every
>>single NTP packet, because, as a result, we would need to examine
>>it every time to see if something changed.
>
>Once we've got an up-to-date table, barring faults, we only need to check
>to see whether the table has been extended further into the future.
Wrong. Somebody somewhere will fatfinger the table and that delta
needs to be revokable.
>>Furthermore, you will not getaround a strong signature on the
>>leap-second table, because if anyone can inject a leap-second table
>>on the internet, there is no end to how much fun they could have.
>
>This issue applies generally with time synchronisation, does it not?
>NTP has authentication mechanisms.
Yes, and nobody uses them because they are too hard to set up.
But the crypto overhead is yet another reason why the leap table
shall not be sent in each and every NTP packet.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk_at_FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Mon Jan 08 2007 - 03:34:38 PST