Abstract
Defined-trust Domains (DtD) are a type of Limited Domain [RFC8799] in which the rules for networking application information are defined in a communications schema that governs the information exchanged within that Limited Domain. Member identities are distributed as a chain of trust: public certificates, each signed by the signing key associated with the next certificate in the chain, with the root certificate signed by the trust anchor of the DtD. This approach is detailed in [DTD,DTLD,IOTK,TST], and example implementations with a Defined-trust Transport (DeftT), which handles communications and presents a publish/subscribe API, are available at [DCT].
With a focus on secured communications, DtDs are constructed to mitigate attacks, including replay. Replay prevention requires timestamps from a clock shared across a Domain, although the granularity can be coarse (on the order of several hundred milliseconds) and the clock can be virtual, used only for communication. This document details the construction of a suitable virtual clock for a DtD that can be completely integrated into, and self-contained within, its transport protocol.
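To make concrete why a coarse, shared clock is enough for replay prevention, here is an added receiver-side replay filter. It is example code written for this page, not the DeftT or DCT implementation and not the virtual-clock construction the disclosure describes; the tick size (500 ms), the tolerated skew (two ticks) and the sample messages are constructed assumptions. A publication is accepted only if its quantized timestamp lies within the skew window of the receiver's own tick and the same (tick, digest) pair has not been seen before; buckets that fall out of the window are discarded, so the filter's state stays bounded regardless of traffic volume.

```python
import hashlib
from dataclasses import dataclass, field

# Assumed parameters (not taken from the disclosure): one virtual-clock tick
# is 500 ms and a receiver tolerates a skew of two ticks in either direction.
TICK_MS = 500
SKEW_TICKS = 2


def to_tick(ms: int) -> int:
    """Quantize a millisecond reading of the shared (virtual) clock to a coarse tick."""
    return ms // TICK_MS


@dataclass
class ReplayFilter:
    """Receiver-side replay filter keyed on (tick, message digest).

    A message is accepted only if its tick lies within SKEW_TICKS of the
    receiver's own tick and the same (tick, digest) has not been seen.
    Buckets older than the tolerance window are dropped, bounding state.
    """
    seen: dict = field(default_factory=dict)  # tick -> set of digests

    def accept(self, local_ms: int, msg_tick: int, payload: bytes) -> str:
        local_tick = to_tick(local_ms)
        # Freshness: a timestamp outside the window is stale (or too far ahead).
        if abs(msg_tick - local_tick) > SKEW_TICKS:
            return "reject-stale"
        # Bind the digest to the tick so the same payload is distinct per tick.
        digest = hashlib.sha256(msg_tick.to_bytes(8, "big") + payload).digest()
        bucket = self.seen.setdefault(msg_tick, set())
        if digest in bucket:
            return "reject-replay"
        bucket.add(digest)
        # Prune buckets that the freshness check would reject anyway.
        for old in [t for t in self.seen if t < local_tick - SKEW_TICKS]:
            del self.seen[old]
        return "accept"


def demo() -> list:
    """Constructed scenario: a fresh message, its replay, a stale copy, a new one."""
    f = ReplayFilter()
    tick = to_tick(10_000)  # sender's clock reads 10.000 s -> tick 20
    payload = b"constructed sample publication"
    results = [f.accept(10_200, tick, payload)]            # 200 ms later: fresh
    results.append(f.accept(10_600, tick, payload))        # same message again: replay
    results.append(f.accept(13_000, tick, payload))        # 3 s later: outside window
    results.append(f.accept(13_000, to_tick(13_000), payload))  # current tick: fresh
    return results


if __name__ == "__main__":
    print(demo())
```

The window width is the only clock-quality requirement: members need agree on the tick value only to within SKEW_TICKS, which is why a virtual clock carried inside the transport itself, rather than wall-clock synchronization, can suffice.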
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Nichols, Kathleen, "Defined-trust Domain Virtual Clock", Technical Disclosure Commons, (March 10, 2025)
https://www.tdcommons.org/dpubs_series/7887