Time synchronization issues

Joel N. Weber II ordev at joelweber.com
Sun Nov 9 05:46:04 UTC 2003


> I mostly agree, but want to say if it's essential for the security of
> the system, the software needs to verify it.  Nobody reads the
> documentation.

Right.  So if some subset of us write to all of the kernel maintainers
(Linux, Solaris, *BSD, etc) and insist that they need to support this,
is the necessary support going to appear everywhere?  (Consider how
quickly /dev/random probably didn't immediately pop up everywhere when
it was first proposed.)

(I think it would be sufficient to have a kernel API for setting the
clock have a flag to say that the clock was set in a secure fashion,
and the kernel can keep track of whether the last change had the
secure flag set, and ntpd can be modified to know how to set it.
Except that for a lot of cases, a certain amount of sanity checking
filtering insecurely-obtained time can reasonably substitute for
actually being secure, so you might want more than two levels.)
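
A userspace sketch of the interface proposed in the message above, as an added example that is not part of the original post and not any kernel's actual API. All names (`sim_settime`, `clock_trust`, etc.), the choice of three levels, and the median/majority rule standing in for "sanity checking" are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical trust levels, ordered so that a larger value means more trust. */
enum clock_trust { CLOCK_UNVERIFIED = 0, CLOCK_FILTERED = 1, CLOCK_AUTHENTICATED = 2 };

/* Stand-in for kernel state: the time plus how the last change was obtained. */
struct sim_clock { int64_t now; enum clock_trust trust; };

/* Model of a "set clock" call that carries a trust level. Every change
 * overwrites the recorded level, so an insecure step downgrades the clock. */
void sim_settime(struct sim_clock *c, int64_t t, enum clock_trust how) {
    c->now = t;
    c->trust = how;
}

static int cmp64(const void *a, const void *b) {
    int64_t x = *(const int64_t *)a, y = *(const int64_t *)b;
    return (x > y) - (x < y);
}

/* Sanity filter for unauthenticated samples (assumed rule): take the median
 * and require a strict majority of samples within max_skew seconds of it.
 * Returns 0 and sets the clock at CLOCK_FILTERED, or -1 leaving it untouched. */
int sim_settime_filtered(struct sim_clock *c, const int64_t *samples,
                         size_t n, int64_t max_skew) {
    int64_t s[16];
    size_t i, agree = 0;
    if (n < 3 || n > 16 || max_skew < 0) return -1;
    for (i = 0; i < n; i++) s[i] = samples[i];
    qsort(s, n, sizeof s[0], cmp64);
    int64_t med = s[n / 2];
    for (i = 0; i < n; i++) {
        uint64_t d = s[i] > med ? (uint64_t)s[i] - (uint64_t)med : (uint64_t)med - (uint64_t)s[i];
        if (d <= (uint64_t)max_skew) agree++;
    }
    if (agree * 2 <= n) return -1;   /* no majority agrees: refuse to set */
    sim_settime(c, med, CLOCK_FILTERED);
    return 0;
}

/* What security-sensitive software would call instead of trusting the clock
 * blindly: the validity window only counts if the clock meets the needed level. */
int sim_time_valid_for(const struct sim_clock *c, enum clock_trust need,
                       int64_t not_before, int64_t not_after) {
    if (c->trust < need) return 0;
    return c->now >= not_before && c->now <= not_after;
}
```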



