oss-sec mailing list archives

Re: can we talk about secure time?


From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 21 Dec 2014 23:30:10 -0700

On 21/12/14 10:51 PM, Hanno Böck wrote:
> On Sun, 21 Dec 2014 12:31:07 +0100
> Florian Weimer <fw () deneb enyo de> wrote:
>
>> Some folks want to run their servers within a few milliseconds of each
>> other, and do not care so much about security or resiliency.
>
> I perfectly understand that some people need more accuracy than tlsdate
> can give. However it's probably rare, right? I don't see any reason why
> average consumer hardware (Desktop, smartphone etc.) would have any
> problem with the 1-2 sec max inaccuracy of tlsdate.

Having to reconcile multiple logs/events across widely distributed
systems, especially in high volume situations, 1-2 seconds is a deal
breaker. Or people running SCADA systems for industrial plants. Or
people that run financial systems. A lot of them care very much about
security, and require accurate time, or else there's really no point to
this all.

To say nothing of a post-incident forensics response, where loose time
would make things a lot harder to figure out.

So it's not an either/or situation (care about security, or have
accurate time, sometimes we need both).

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
