Explores the time bootstrap problem on ESP32 microcontrollers: how to get a trusted current time after a cold start when TLS certificate validation requires knowing the time, but getting the time securely requires TLS. Covers NTP (insecure but practical), NTS (adds TLS key establishment but still circular), Roughtime (cryptographically accountable but draft-only and not quantum-resistant), and DoH as a layered defense. Concludes that for ESP32 today, using plain NTP combined with DoH and backend certificate cross-checking is the pragmatic compromise, with a future path toward Roughtime and NTS once ESP-IDF support matures.

15m read time. From advancedweb.hu
Table of contents: Secure communication with TLS, NTP, NTS, Roughtime, DoH/DoT, For the ESP32
