Add support for "constraints": when configured, ntpd(8) will query the - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	reyk <reyk@openbsd.org>	2015-02-10 06:40:08 +0000
committer	reyk <reyk@openbsd.org>	2015-02-10 06:40:08 +0000
commit	bc58a738ead390a0baee6a923c6e761eaf42fcdd (patch)
tree	b259317e9eba62c78f14363d3e359f9a60e3ca4b /sys/net/pf_ioctl.c
parent	Expand IMPLEMENT_ASN1_NDEF_FUNCTION and IMPLEMENT_ASN1_PRINT_FUNCTION (diff)
download	wireguard-openbsd-bc58a738ead390a0baee6a923c6e761eaf42fcdd.tar.xz wireguard-openbsd-bc58a738ead390a0baee6a923c6e761eaf42fcdd.zip

Add support for "constraints": when configured, ntpd(8) will query the

time from HTTPS servers, by parsing the Date: header, and use the median constraint time as a boundary to verify NTP responses. This adds some level of authentication and protection against MITM attacks while preserving the accuracy of the NTP protocol; without relying on authentication options for NTP that are basically unavailable at present. This is an initial implementation and the semantics will be improved once it is in the tree. Discussed with deraadt@ and henning@ OK henning@

Diffstat (limited to 'sys/net/pf_ioctl.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: