[fr] no cert time check for nts #1428
Comments
|
Or maybe it could be done a bit smarter? I have shared configuration for multiple devices, some without RTC and some with RTC. no idea if that's possible, idk how kernel/hw works and if that's exposed, hwclock shows "hardware clock" on my orange pi which I guess is some component on SoC but ofc it can't be powered while the SBC is unplugged - ntpd-rs could check on start if there's a physical, battery powered RTC or not and then either turn the check time off or on. |
|
Starting up is still something that we don't do particularly well. Instead of completely disabling time checks in certificates, we probably want to create a startup procedure where we initially get the time without checking the certificate validity, then run NTS once more with that time to check that the certificate is valid, and only then start trusting the time and change the system clock. One thing we could additionally check is to make sure that the certificate is at least valid after the build/commit time of the current ntpd-rs binary to at least have some initial frame of reference for when the certificate for the NTS server should be valid. |
|
Not sure about the build/commit time approach. Stripping .git in tarballs is common and for reproducible builds the date is often set to the beginning of epoch |
Currently I believe ntpd-rs is missing an option to disable cert time checking in NTS.
Devices without a RTC will boot with invalid date which will fail NTS cert time checks. chrony has a possibility to set
nocerttimecheck 1. Could be done with some harm reduction - multiple sources would need to initially serve the same time, after getting a consensus on the initial time, create a "lockfile" so after restart/crash it still does cert time checks properly.The text was updated successfully, but these errors were encountered: