Hey,
> I thought that the main issue is that the TLS layer requires already good time,
> otherwise certificates in the chain may not pass the verification.
That is valid too; however, the reason is explained in ntpd.conf(5):
> ntpd(8) can be configured to query the `Date' from trusted HTTPS
> servers via TLS. This time information is not used for precision but
> acts as an authenticated constraint, thereby reducing the impact of
> unauthenticated NTP man-in-the-middle attacks. Received NTP packets
> with time information falling outside of a range near the constraint
> will be discarded and such NTP servers will be marked as invalid.
Take care,
--
Polarian
Jabber/XMPP: polarian@icebound.dev
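
The constraint check that the quoted ntpd.conf(5) passage describes, as an added example that is not part of the original message and is not OpenNTPD's code. It is a simplified model: the `MARGIN` value, the use of a median over several HTTPS servers, the host names and the sample timestamps are assumptions constructed for illustration.

```python
from email.utils import parsedate_to_datetime
from statistics import median

# Assumed tolerance around the constraint, in seconds (illustrative value,
# not taken from OpenNTPD).
MARGIN = 120.0

def constraint_from_dates(date_headers):
    """Turn HTTP `Date' headers (received over verified TLS) into one
    constraint, as epoch seconds. Second resolution only: not for precision."""
    stamps = [parsedate_to_datetime(h).timestamp() for h in date_headers]
    if not stamps:
        return None  # no HTTPS server reachable: no constraint to enforce
    return median(stamps)  # assumption: the median damps one skewed server

def filter_ntp(samples, constraint, margin=MARGIN):
    """Split (server, ntp_time) samples into accepted samples and the
    servers to mark invalid because they fall outside the constraint range."""
    accepted, invalid = [], []
    for server, ntp_time in samples:
        if constraint is not None and abs(ntp_time - constraint) > margin:
            invalid.append(server)  # unauthenticated reply contradicts TLS time
        else:
            accepted.append((server, ntp_time))
    return accepted, invalid

# Constructed sample data: three Date headers and three NTP replies, one of
# which claims a time about 400 days in the future.
DATES = [
    "Tue, 05 Mar 2024 10:00:00 GMT",
    "Tue, 05 Mar 2024 10:00:01 GMT",
    "Tue, 05 Mar 2024 09:59:59 GMT",
]
BASE = parsedate_to_datetime(DATES[0]).timestamp()
SAMPLES = [
    ("ntp-a.example", BASE + 0.35),
    ("ntp-b.example", BASE - 1.2),
    ("ntp-mitm.example", BASE + 86400 * 400),
]

if __name__ == "__main__":
    constraint = constraint_from_dates(DATES)
    accepted, invalid = filter_ntp(SAMPLES, constraint)
    print("accepted:", [s for s, _ in accepted])
    print("marked invalid:", invalid)
```

The precise NTP offsets still come from the accepted NTP replies; the HTTPS time only bounds how far an unauthenticated reply can move the clock.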