Clock skew and the importance of clock synchronization in HTTP servers.

Jim Gettys (jg@pa.dec.com)
Fri, 12 Sep 1997 04:40:39 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jim Gettys: "Clock skew and the importance of clock synchronization in HTTP servers."
Previous message: Jaye, Dan: "RE: comments on jaye-trust-state-01"

The attached is exerpted from an Internet draft Jeff Mogul is submitting
to the ID editor today, with some very interesting trace data. 

As you know, bad dates in documents will badly affect caching behavior in 
the Web, up to and including serving documents long after they should have 
expired to unsuspecting users (with no way in HTTP/1.0 to ever force a reload 
on the cache, this problem will be with us for a long time until most 1.0 
proxies are gone)...

The situation is much worse than I believe most of us or all of us have 
realized. More than 1/5 of the servers are wrong by more than a minute.  
Ugh...  Shudder... Median errors are in the two minute range.

While I will be adding some text to the 1.1 spec encouraging clock 
synchronization for reliable caching operation, there are some concrete 
things that can/should be done by those who have influence over HTTP 
implementations and documentation.

1) installation directions and scripts for Web servers/prxies should strongly 
encourage the use of clock synchronization (e.g. use of NTP or equivalent).  
In server installation directions I've seen, there has never been any mention 
of this topic (not that I've installed a server recently).

2) server implementors might consider some "sanity checks" in their code 
to warn operators that their systems are likely running badly synchronized. 
I can think of some heuristics that might work. I can think of ugly hacks 
like looking for the existance of an NNTP server running.  It may be 
that the system call interfaces to adjusting clocks might or might not be 
useful to warn operators (it's been too long since I looked at how NTP is 
commonly implemented, and whether those system call interfaces provide 
applications useful information on whether the clock is running within the 
phase lock capture range)....  Exactly what might/should be done
here is not completely clear and maybe worth discussion.

In any case, I think at a minimum installation directions for Web servers 
and proxies should get some work to encourage better practice, even if not 
a line of code changes in the software itself.  This is a call for us to 
go poke our respective documentation folks on this topic... 				- Jim


				- Jim Gettys

Next message: Jim Gettys: "Clock skew and the importance of clock synchronization in HTTP servers."
Previous message: Jaye, Dan: "RE: comments on jaye-trust-state-01"