oss-sec mailing list archives
Re: can we talk about secure time?
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 21 Dec 2014 23:30:10 -0700
On 21/12/14 10:51 PM, Hanno Böck wrote:
On Sun, 21 Dec 2014 12:31:07 +0100 Florian Weimer <fw () deneb enyo de> wrote:Some folks want to run their servers within a few milliseconds of each other, and do not care so much about security or resiliency.I perfectly understand that some people need more accuracy than tlsdate can give. However it's probably rare, right? I don't see any reason why average consumer hardware (Desktop, smartphone etc.) would have any problem with the 1-2 sec max inaccuracy of tlsdate.
Having to reconcile multiple logs/events across widely distributed systems, especially in high volume situations, 1-2 seconds is a deal breaker. Or people running SCADA systems for industrial plants. Or people that run financial systems. A lot of them care very much about security, and require accurate time, or else there's really no point to this all. To say nothing of a post incident forensics response, where loose time would make things a lot harder to figure out. So it's not an either/or situation (care about security, or have accurate time, sometimes we need both). -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: can we talk about secure time?, (continued)
- Re: can we talk about secure time? Stuart Henderson (Dec 20)
- Re: can we talk about secure time? Daniel Kahn Gillmor (Dec 20)
- Re: can we talk about secure time? ncl () cock li (Dec 20)
- Re: can we talk about secure time? Daniel Micay (Dec 20)
- Re: can we talk about secure time? Florian Weimer (Dec 21)
- Re: can we talk about secure time? Daniel Micay (Dec 21)
- Re: can we talk about secure time? Dave Horsfall (Dec 21)
- leap seconds and security [was: Re: can we talk about secure time?] Daniel Kahn Gillmor (Dec 21)
- Re: can we talk about secure time? Florian Weimer (Dec 21)
- Re: can we talk about secure time? Hanno Böck (Dec 21)
- Re: can we talk about secure time? Kurt Seifried (Dec 21)
- Re: can we talk about secure time? Hanno Böck (Dec 21)
- Re: can we talk about secure time? Walter Parker (Dec 21)
- Re: can we talk about secure time? John Haxby (Dec 22)
- Re: can we talk about secure time? Dave Horsfall (Dec 22)
- Re: can we talk about secure time? Richard Johnson (Dec 25)
- Re: can we talk about secure time? Stuart Henderson (Dec 20)