[time-nuts] Re: NIST NTP servers way off for anyone else?

[Trent Piepho]

On Tue, Dec 14, 2021 at 2:21 PM Hal Murray <halmurray at sonic.net> wrote:
>
> > I've seen cards (ethtool) that support several time options - what are  they
> > and how do I use them?
>
> I'm not sure which options you are referring to.

Probably the flags from ethtool -T output:

Time stamping parameters for eth0:
Capabilities:
    hardware-transmit     (SOF_TIMESTAMPING_TX_HARDWARE)
    software-transmit     (SOF_TIMESTAMPING_TX_SOFTWARE)
    hardware-receive      (SOF_TIMESTAMPING_RX_HARDWARE)
    software-receive      (SOF_TIMESTAMPING_RX_SOFTWARE)
    software-system-clock (SOF_TIMESTAMPING_SOFTWARE)
    hardware-raw-clock    (SOF_TIMESTAMPING_RAW_HARDWARE)

The software ones are normally alway present and are what you describe
with the kernel's timestamping.  The hardware are done by the network
PHY and need 1588 support in the driver, which is not common.  I don't
think any of the RPis support it.

>
> You can't have boxes on the internet update packets if you are interested in
> security.

That seems too restrictive.  Consider that TLS doesn't include the
TCP/IP header, which can be modified by IP fragmentation, and that is
still considered secure.

I think one could design a protocol such that each appended timestamp
is signed, and included a digest of all timestamps before it, so that
while one does not trust every timestamp in the chain, it can be
trusted that each timestamp was generated by entity that said it
generated it and that any timestamps generated by a trusted entity
were not later modified by a untrusted one.