Was DNS Spoofing such a big threat that they chose to synchronize with their own servers instead of just using NTP pools? Presumably it's some kind of proprietary, SSL connection. Ugh. Still, at least it's something they could* patch out.
Was DNS Spoofing such a big threat that they chose to synchronize with their own servers instead of just using NTP pools? Presumably it's some kind of proprietary, SSL connection.
NTP can only return a date and time code. NTP has no method to answer queries containing "Does this console serial with this account ID with this game ID have an expiration date set to a time before right now?"
So of course they use a proprietary SSL connection for that, otherwise you could use a free 10 day demo in place of the full game that isn't free, without paying for it.
If it did there would be no point to the rest of the functionality, as you could subvert any additional functionality based on time by simply sending back a false NTP response. To be fair to Sony they've implemented this effectively, and all the alternatives suggested so far make the time on the console trivially easy to alter.
The road to hell is paved with NAND gates.
-- J. Gooding
NTP tho? (Score:2)
Re: (Score:0)
Was DNS Spoofing such a big threat that they chose to synchronize with their own servers instead of just using NTP pools? Presumably it's some kind of proprietary, SSL connection.
NTP can only return a date and time code.
NTP has no method to answer queries containing "Does this console serial with this account ID with this game ID have an expiration date set to a time before right now?"
So of course they use a proprietary SSL connection for that, otherwise you could use a free 10 day demo in place of the full game that isn't free, without paying for it.
Re:NTP tho? (Score:2)
but at the very least let it do basic ntp just to get back after dead battery and then it can pull an full sync with demo auth.
Re: (Score:2)