"Let's parasitically pool TLS resources into a single location!"

ntp has pool.ntp.org, which currently hosts around 3000 machines.
tlsdate has only the wild internet's pool of TLS/SSL machines.

It is believed that there are around 185,000 reasonable SSL/TLS servers in the
genepool that is the internet.

To discover the relevant systems in the genepool we will scan the entire
internet and collect data on its SSL/TLS services. When a server is discovered
and it is confirmed to have a reasonably accurate clock (the time it sends in
its SSL/TLS handshake agrees with a trusted reference clock), we will store it
in the genepool list.

The genepool list will first be a text file shipped with tlsdate, and tlsdate
will have an option to use the local genepool: it will randomly select an entry
from the list and use that host for timing information.

The genepool list will be in the following CSV format:

hostname,port,last known IP address,protocol

The protocol field defaults to tlsv1 when it is omitted. It may be one of
sslv2, sslv3, tlsv1, tlsv1.1, tlsv1.2, xmpp, pop3, imap or another
STARTTLS-enabled protocol.

Eventually, we propose that a simple DNS query interface located at
genepool.tlsdate.net should return random entries from the genepool list. It
should only host records of machines whose SSL/TLS handshakes carry correct
timing information. Depending on the query type, the data returned will be
either a TXT record containing a line from a regularly updated genepool cache
file or an A/AAAA record for the host. Note that an A/AAAA answer carries no
hostname to validate a certificate against, so the TXT form is the one that
lets a client verify the identity of the server it connects to.
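The following is an added example, not code from tlsdate itself, of a parser
for the genepool CSV format above together with the random selection the local
genepool option would perform and the rendering of an entry back into the line
a TXT record would carry. The field order and the tlsv1 default follow the
proposal; the whitelist of protocol labels, the rejection of malformed lines,
the use of a non-predictable random source, and the sample lines are
assumptions made for this example.

```python
"""Parser and selector for the proposed tlsdate genepool CSV list.

Added example, not tlsdate's own code.  Field order and the tlsv1 default
follow the proposal; the validation rules and sample data are assumptions.
"""
import csv
import ipaddress
import random
from dataclasses import dataclass
from typing import List, Optional

# Protocol labels the proposal names for the fourth field.  The proposal also
# allows "other STARTTLS enabled protocols"; restricting to a whitelist is an
# assumption so a corrupt or hostile list cannot smuggle in odd tokens.
KNOWN_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2",
                   "xmpp", "pop3", "imap"}
DEFAULT_PROTOCOL = "tlsv1"   # per the proposal, used when the field is absent

# Constructed sample list (documentation address ranges), not real genepool data.
GENEPOOL_SAMPLE = """\
# hostname,port,last known IP address,protocol
www.example.com,443,192.0.2.10,tlsv1.2
mail.example.net,993,2001:db8::25,imap
legacy.example.org,443,
xmpp.example.org,5222,192.0.2.7,xmpp
bad.example.com,70000,192.0.2.8,tlsv1
bad.example.com,443,not-an-ip,tlsv1
"""


@dataclass(frozen=True)
class GenepoolEntry:
    hostname: str
    port: int
    last_ip: Optional[str]   # None when the list carries no address
    protocol: str


def parse_genepool_line(line: str) -> Optional[GenepoolEntry]:
    """Parse one 'hostname,port,last known IP address,protocol' line.

    Returns None for blank/comment lines and for malformed entries, so one
    bad line in a shipped list degrades to "skip it" rather than a crash.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = [f.strip() for f in next(csv.reader([stripped]))]
    if len(fields) < 2 or len(fields) > 4:
        return None
    hostname = fields[0].lower()
    if not hostname or not all(c.isalnum() or c in "-." for c in hostname):
        return None
    try:
        port = int(fields[1])
    except ValueError:
        return None
    if not 1 <= port <= 65535:
        return None
    last_ip = None
    if len(fields) >= 3 and fields[2]:
        try:
            last_ip = str(ipaddress.ip_address(fields[2]))   # v4 or v6
        except ValueError:
            return None
    protocol = DEFAULT_PROTOCOL
    if len(fields) == 4 and fields[3]:
        protocol = fields[3].lower()
    if protocol not in KNOWN_PROTOCOLS:
        return None
    return GenepoolEntry(hostname, port, last_ip, protocol)


def load_genepool(text: str) -> List[GenepoolEntry]:
    """Parse a whole genepool file, silently dropping unusable lines."""
    entries = []
    for line in text.splitlines():
        entry = parse_genepool_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def pick_entry(entries: List[GenepoolEntry],
               rng: Optional[random.Random] = None) -> GenepoolEntry:
    """Random selection as the local-genepool option would do it.

    Defaults to the OS random source so an observer cannot predict which
    host a client will query next (assumption; the proposal only says
    'randomly').
    """
    if not entries:
        raise ValueError("genepool list is empty")
    return (rng or random.SystemRandom()).choice(entries)


def txt_record(entry: GenepoolEntry) -> str:
    """Render an entry as the CSV line a genepool TXT record would carry.

    An unknown address becomes an empty third field (assumption).
    """
    return ",".join([entry.hostname, str(entry.port),
                     entry.last_ip or "", entry.protocol])


if __name__ == "__main__":
    pool = load_genepool(GENEPOOL_SAMPLE)
    print(f"{len(pool)} usable entries; chosen: {txt_record(pick_entry(pool))}")
```

Parsing and rendering round-trip, so the same routine can check the local
file and the lines a genepool.tlsdate.net TXT answer returns.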