reyk
7433fa0bce
Add support for "constraints": when configured, ntpd(8) will query the
time from HTTPS servers, by parsing the Date: header, and use the median constraint time as a boundary to verify NTP responses. This adds some level of authentication and protection against MITM attacks while preserving the accuracy of the NTP protocol; without relying on authentication options for NTP that are basically unavailable at present. This is an initial implementation and the semantics will be improved once it is in the tree. Discussed with deraadt@ and henning@ OK henning@ |
9 years ago | |
---|---|---|
src | Add support for "constraints": when configured, ntpd(8) will query the | 9 years ago |