[Nea] Secure time

[Randy Turner <rturner at amalfisystems.com>]

Hello All,

I wanted to solicit opinions as to the relevance of "secure  
timekeeping" as a part of a security posture.  Most security  
standards, as well as practically everything in Windows 7, will be  
relying on a PKI and the issuance of certificates to do encryption,  
digital signatures, and authentication, as well as other functions.   
How a system maintains time is critical to the accuracy of certificate  
validation. For instance, if a system's notion of time can be  
"forged", then the certificate validation steps that utilize time- 
based verification would be suspect.

Currently, there is not an attribute that describes "how" the current  
time (wall-clock time, UTC, etc.) is derived by a system, or if  
derived remotely, from what "source" it is derived.

Considering the ever increasing reliance on digital certificates that  
include validation time-stamps, I was hoping to get some type of  
working group opinion about the need to recognize "secure time" as  
either a posture attribute, or as a pre-existing fundamental  
requirement for implementation of NEA. And if it's a pre-existing  
requirement, then include one or more reference documents that would  
allow implementations to coalesce on at least a common "mechanism" for  
obtaining secure time.

Thanks all!!
Randy


_______________________________________________
Nea mailing list
Nea at ietf.org
https://www.ietf.org/mailman/listinfo/nea