On 6/09/2010, at 8:56 AM, Lloyd Parkes wrote:
Yes, and so does NTP :-!. You need four servers to be able to detect a single byzantine failure. This extra resilience is needed because NTP allows one server in a network of NTP servers to change what the other servers think. This really messes up the naive best-of-three type algorithm that most people think will work.
I think we are talking about slightly different things. If the servers were synchronised to each other then yes, you would need four for the remote case of one being hostile (or appearing hostile) by giving different info to each other server, for the others to detect and isolate the hostile one. But these servers are not synchronised; they are independent, and so the issue becomes how many a client needs to be able to contact to get correct info even if one fails.
If the servers are set to trust only their own GPS (and not the other GPS clocks), then you may not be vulnerable to byzantine failures. You won't be able to protect against GPS hacking though, but you have to stop somewhere.
Ah OK, should have read that first before writing the above. Yes, they are quite deliberately set to only trust their own clocks and not synchronise with each other.

cheers
Jay
Cheers, Lloyd
--
Jay Daley
Chief Executive
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 931 6977
mobile: +64 21 678840
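The client-side question raised in the thread (how many independent, non-peered servers a client must reach to get correct time when one is wrong) can be illustrated with Marzullo's interval-intersection algorithm. This is an added example, not code from the thread or from any NTP implementation; the server names and readings are constructed, and `select_time` is a hypothetical helper that accepts a result only when a strict majority of sources overlap.

```python
def marzullo(intervals):
    """Return (count, lo, hi): the first region covered by the most intervals."""
    edges = []
    for lo, hi in intervals:
        edges.append((lo, -1))  # interval opens
        edges.append((hi, +1))  # interval closes
    # At equal values an open (-1) sorts before a close (+1),
    # so intervals that merely touch still count as overlapping.
    edges.sort()
    best = count = 0
    best_lo = best_hi = None
    for i, (value, kind) in enumerate(edges):
        count -= kind
        if count > best:
            best, best_lo, best_hi = count, value, edges[i + 1][0]
    return best, best_lo, best_hi


def select_time(readings):
    """readings: {server: (offset_ms, error_bound_ms)} from independent servers.

    Returns (midpoint_ms, agreeing, rejected), or None when no strict
    majority of sources overlap and the client cannot tell who is wrong.
    """
    spans = {s: (off - err, off + err) for s, (off, err) in readings.items()}
    count, lo, hi = marzullo(list(spans.values()))
    if count * 2 <= len(spans):
        return None
    agreeing = sorted(s for s, (a, b) in spans.items() if a <= lo and hi <= b)
    rejected = sorted(set(spans) - set(agreeing))
    return (lo + hi) / 2, agreeing, rejected


# Constructed readings: gps-c is 1.5 s off (for example a faulty receiver).
THREE_SERVERS = {"gps-a": (2, 5), "gps-b": (-1, 5), "gps-c": (1500, 5)}
# Same fault, but the client can reach only two servers.
TWO_SERVERS = {"gps-a": (2, 5), "gps-c": (1500, 5)}

if __name__ == "__main__":
    print(select_time(THREE_SERVERS))  # outlier is outvoted and rejected
    print(select_time(TWO_SERVERS))    # disagreement with no majority
```

This covers only the independent-server case; it says nothing about servers that peer with each other, where one server can influence what the others report.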