[Maas-devel] Clock skew and OAuth
Julian Edwards
julian.edwards at canonical.com
Tue Aug 21 04:00:01 UTC 2012
On Monday 20 August 2012 17:17:19 Gavin Panella wrote:
> On 20 August 2012 16:41, Robie Basak <robie.basak at canonical.com> wrote:
> > Scott pointed out a flaw in this to me offline. I had assumed that the
> > clock is only wrong by being in the past, and this solution will not
> > address the problem of the clock being wrong by being in the future.
> >
> > But AIUI now, this is problem on machines which have previously been
> > running on other OSes with the hardware clock set to local time rather
> > than UTC.
> >
> > This may completely wipe out my proposal, since we can only safely move
> > the time towards the future with this plan, and not towards the past.
>
> Is there any such thing as a time-since-power-on clock? That, in
> combination with it_is_after, would give us a semi-reliable upper
> bound on the correct time.
How about we approach this from a different point of view.
If we send a HTTP HEAD request (or any anonymous request) to the MAAS server,
we can get its time back in the headers and use that time instead of the
system clock's when sending requests.
Thoughts?
More information about the Maas-devel
mailing list