[ntp:hackers] Anybody object to requiring AnsiC for building NTP?

David L. Mills mills at udel.edu
Wed May 25 10:11:16 PDT 2005


While not withstanding your assertions, I should point out that the 
opinions, assertions and disclaimers about "ntp.org" belong to me and 
nobody else on the planet. That's only a domain name and not intended to 
designate a consortium. The opinions of ISC are independent of and 
completely separate from mine. There are significant cultural areas 
where their opinion and mine differ sharply.

For legal purposes, and I have been rained on by lawyers from IBM and 
others, all copyright and licensing issues about the distribution itself 
are inherent in the copyright page in the distribution. This is a formal 
legal statement and I will not depart from it for any civil, military or 
commercial purposes. In fact, I have literally thrown out of my office 
visiting laywers arguing for amendments.

As for the code audit, I am funded to produce a NTPv4 formal 
specification. This is not a code audit, not a security guarantee, not 
even a claim for correctness. It does of course speak to the issue 
whether my granting agency should in fact embark on a project such as 
you propose. I'm happy to put you in contact with my program manager 
should you wish to propose such a venture.

You bring up the issue of testing and auditing. BlueCross BlueShield 
Association has in fact audited the code for their interior use. Their 
concern is only on security, which is rather easy to enforce if port 123 
is blocked at the firewall. Protocol correctness is much harder; see my 
post to this group about a test plan, skeleton and flow charts. 
Performance assurance is even harder, as no fixed guarantees are 
possible. Perhaps the most useful amplifier for your suggestions is the 
NTPv4 specification task force. I'd like to hear their collective 
response to your suggestions.

I've been in contact with a number of NTP user organizations, from 
public agencies, defense contractors and educational institutions all 
concerned about product correctness and doing their own testing. It 
would be a very valuable contribution to the community if somebody did 
in fact further develop and refine the test plan I sent out. Would you 
be willing to do that?


todd glassey wrote:

>Harlen, Paul (Vixie)...
>As long a certifiable production model is built so that the code body that
>is produced for each OS can be checkpointed and fully audited there is no
>real reason to keep this archaic standard unless there are Military Users
>mandate it. There are however systems which the Military cannot easily move
>off of and neither DISA, DARPA, or DHS will be happy with you folks if you
>decide to screw them.
>Rather than that, I suggest that its time for a formal charter for NTP.ORG
>that addresses
>    1)    What NTP is to be supported by this consortia (for lack of a
>better term) - What's to be supported, by who and how. Oh and how is this
>support being paid for? - there are inherent costs to running "a for free"
>organization so who is paying for it?
>    2)    How its (NTP) to be tested (from an Audit Perspective.) - This
>will be
>critical in moving forward in these Post-SOX days whether the physicists in
>the bunch agree or not - and bluntly its not worth arguing about. Its going
>to happen one way or the other... Is there a group of Consortia Members with
>each OS Manufacturer?
>Seems like we need formal representatives from anyone shipping NTP, I.a.
>Sun, HP, The BSD consortia, IBM, the Linux Companies, and possibly someone
>like Oracle and the Timing Companies (Hi Greg!) at the very least. These
>individuals would be the "owners" of the Code Body and Certification
>Processes for those Operations and would be the party that folks like the
>Big-4 Auditors and the Internal Auditor Committees would get Certification
>for those Applications in Legally Controlled Environments. ISC can be the
>keeper of the code if it can certify the security of the environment -
>otherwise -there is a problem with allowing ISC to use NTP as a profit
>center. Hence ISC is going to have to formalize what it does and what it is
>liable for to the NTP consortia.
>    3)    Which brings us to that we need a formal statement how NTP.ORG
>through ISC is going to maintain its process, release model, and operations
>process, and not just in the Code Repository... We also need to understand
>how the Code to be audited, and how is each release being checkpointed and
>audited? What is it that ISC is guaranteeing by the use of the Code
>Repository? - Is ISC guaranteeing that the code remains unhacked or clean?
>If not then we may have a problem especially with ISC's using NTP as a
>source of income. In any event these are a easily resolved points and should
>be handled with some speed IMHO.
>    4)    Some form of administrative review process needs to be formally
>instituted as well to insure that the NTP process and methods are followed
>and that the releases of the products formally offering NTP services or as
>bolt-on's to NTP as in the case of GPS or other Stratum-2/Stratum-1
>Vixie and team at ISC should be able to help with some of this framework,
>as part of ISC's hosting critical projects for bux... and I and any
>number of other Certified Auditors, can provide an operations
>audit on an ongoing basis to satisfy the COBiT/ITIL/ISO17799 3rd party
>Walkthough Requirements.
>Todd Glassey CISM, CIFI
>Streaming Media Manager, KZSU Stanford
>Information Security Consultant
>Owner of NIST CRADA 1681 and NIST Service 76110s
>----- Original Message ----- 
>From: "Harlan Stenn" <stenn at ntp.isc.org>
>To: <hackers at ntp.isc.org>
>Cc: <mills at udel.edu>
>Sent: Wednesday, May 25, 2005 1:50 AM
>Subject: [ntp:hackers] Anybody object to requiring AnsiC for building NTP?
>>One of the requirements of NTP has been that it compile on systems
>>without Ansi C compilers.
>>I'm thinking that it's time we remove this backward-compatibility
>>It will let us do some code cleanup and simplification, including
>>the prototype stuff and, I believe, getting rid of varargs (in favor
>>of stdargs).  Near as I can remember...
>>Does anybody have a requirement to still support K&R compilers?
>>hackers mailing list
>>hackers at support.ntp.org

More information about the hackers mailing list