Comment on Windows feature that resets system clocks based on random data is wreaking havoc
nickwitha_k@lemmy.sdf.org 1 year ago
That’s a hideous, over-engineered and thoroughly stupid failure at solving something that has already been solved better in open standards and FOSS. If argue that bare NTP is more secure on merit of not trusting random TLS certs to be accurate.
NTP is touched on in the article, and a quick Google shows that the largest difference NTP can correct before exiting in a panic is 1000s.
However there is an argument/flag to run ntpd once in a “just fix it” mode. So, having to use cert timestamps to “rough” the clock and allow NTP to “fine” it isn’t necessary.
It does seem strange to essentially create an out-of-band/off-label/out-of-scope time management system, when there are already open standards that work well for it.
Agreed. I think that the problem that I have with this is similar to the problem of orgs in the US using an SSN as a form of universal ID. The Social Security Administration clearly states that that is not the purpose and will not provide verification because of this. X.509 certs are not meant for this purpose and their implementation does not take this use case into consideration as would be required for its use in a secure manner.
Loulou@lemmy.mindoki.com 1 year ago
Or as they say, every probabilistic curve ends somewhere.
If it works 999.999 time out of a million, then every millionth windows will break.
What an awful way to try to figure out the time. I mean it could at least pop a big error if, lol, the time seems off by a week!