[Cerowrt-devel] DNSSEC & NTP Bootstrapping
Simon Kelley
simon at thekelleys.org.uk
Mon Mar 24 17:39:03 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 22/03/14 20:00, Toke Høiland-Jørgensen wrote:
> Simon Kelley <simon at thekelleys.org.uk> writes:
>
>> That would be possible: it would require care to make it work in
>> the face of the system time being warped by NTP. Best way may be
>> to use times() rather than time()
>
> Good point. Since the availability of reliable time is what we're
> waiting for, perhaps a large jump in the system clock could be
> taken to mean it has been achieved and taken as a signal to exit
> the grace period? With a timer for the case where the time is
> already accurate, of course. This would make it rather specific to
> this use case, though...
>
It could be done, but I'm not sure it's very _nice_.
What do people think?
Cheers,
Simon.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlMwpfcACgkQKPyGmiibgrfPegCfevYPY/WPb4/3lAdGnsBsM0EP
1WMAoItzEy8tbZ6d5ayfnClSvjy51tFb
=tL/K
-----END PGP SIGNATURE-----
More information about the Cerowrt-devel
mailing list