[Dnssec-deployment] NTP & DNSSEC: chicken & egg?

Ondřej Surý ondrej.sury at nic.cz
Mon Jun 14 09:11:12 EDT 2010


On 15.2.2010 00:03, Mark Andrews wrote:
> In message<alpine.LFD.1.10.1002141722170.9554 at newtla.xelerance.com>, Paul Wout
> ers writes:
>> A wrong system time on your *signer* is much more devastating.
>
> Yep.
>
> It would be nice if there were standard api to indicate if your
> clock is synced and the signer could use those if it was paranoid.
> Note: ntp can also "successfully" sync onto the wrong date so even
> ntp synced is not a guarentee of correct time.

I know it's not "standard", but you could at least use 
ntp_adjtime/ntp_gettime on BSDs and adjtimex on Linux.  Or is there 
something I am not aware of?

Ondrej
-- 
  Ondřej Surý
  vedoucí výzkumu/R&D manager
  -------------------------------------------
  CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
  Americka 23, 120 00 Praha 2, Czech Republic
  mailto:ondrej.sury at nic.cz    http://nic.cz/
  tel:+420.222745110       fax:+420.222745112
  -------------------------------------------


More information about the Dnssec-deployment mailing list