undefined | Better HN

0 pointscyounkins3y ago0 comments

Yeah I guess in general if the security of TLS depends on correct timekeeping (eg a compromised key enables an attacker to use an old cert), then in theory we should secure the time sync protocol. The NIST servers page [1] describes an authenticated+encrypted NTP for VIPs, but I don't know a solution for the layperson.

[1] https://tf.nist.gov/tf-cgi/servers.cgi

0 comments

3 comments · 1 top-level

nine_k3y ago· 2 in thread

For TLS, you need a roughly correct time; being many minutes off is usually acceptable. No need for GPS clocks and other such stuff.

Ideally your machine should have a functioning battety-backed RTC. The vast majority of larger machines do.

In a data center, DHCP or well-known local addresses should offer hard-to-spoof poiners to local NTP servers for bootstrapping.

I don't see a large problem here; a reasonable startup sequence that makes sure a correct time is set before attempting TLS connections should just work. DNS requiring TLS and thus a correct system time is slightly novel, so approaches ignoring it expectedly fail.

RedShift13y ago

What do you do with embedded devices where the RTC battery has died? Replace the battery but you have no way to set the clock and the device won't connect to anything anymore because its clock is off, so just throw it away then? Doesn't sound environmentally friendly... And yes CR2032 batteries can last a long time but they can also fail, just a a month ago I had to replace one that was only a year old.

nine_k3y ago

Attach a com port, set the date correctly, since you came to replace the battery anyway :-/

Frankly, there is a balancing act between the desire for a device to work unattended for the longest time, and security implications of running an outdated or degraded device. Now that the RTC becomes more important, equip it with better batteries :(

1 more reply

j / k navigate · click thread line to collapse