[ntp:hackers] Re: NTP and leap-seconds
todd.glassey at worldnet.att.net
Tue Jul 4 13:37:36 UTC 2006
I have suggested that NIST and USNO and the other National Timing
Laboratories submit secured notice - through signed emails, to the Satellite
Timelords of the Non-Federally Operated leaves of the global NTP Services.
I am a Professional Auditor, and as such assure you folks that the US
Government already uses the exact same thing for Notices of Electronic Court
Activities... So it does work. There is an entire practice model which if
this group is interested, I can submit later this week.
Todd Glassey, CISM CIFI
----- Original Message -----
From: "David L. Mills" <mills at udel.edu>
Cc: <hackers at ntp.org>
Sent: Monday, July 03, 2006 10:19 PM
Subject: Re: [ntp:hackers] Re: NTP and leap-seconds
> Gov't security has nothing to do with my agenda, even if I spent ten
> years as Beltway Bandit with CIA and NSA contracts. As with DNS,
> consider the case where some twerp is able to torque the time two days
> in the future and the DNS caches all expire. The traffic to reload the
> caches might well poison the Internet. So was the argument when I was
> called to the White House meeting on possible hazards when the
> Millennium rolled over.
> Start from first principles. Assume time is a fangible quantity and
> examine the inner workings of every service on the planet. A determined
> terrorist might well find some purchase. I conclude you can't trust the
> DNS; the first thing you have to trust is the time.
> Tim Shoppa wrote:
> > "David L. Mills" <mills at udel.edu> wrote:
> >> Having come this far, what is your security model for the leapsecond
> >> table? Is it more or less secure than the symmetric/public key
> >> cryptographic model? This is not to blow off your suggestion, just to
> >> suggest the security model needs to be addressed.
> > David -
> > I have often wondered about the somewhat ponderous Autokey model
> > for NTP crypto. While it's not the most onerous thing to set up
> > it is not as easy as just putting in 3 or 4 nameservers into ntp.conf
> > and letting it run.
> > It seems to me that the non-crypto DNS root zone file distribution
> > methods are less top-heavy (if less secure) and seem to work good
> > enough.
> > In fact if we could distribute the leapsecond table via DNS
> > it seems like it'd kill multiple birds with one stone.
> > I also realize that crypto is now intertwined into DNS in at least
> > some installations. And also that system time (and thus NTP) is
> > itself used to seed some crypto methods. Makes for a pretty tangled
> > knot if I think too hard!
> > Dave, would I be too far off to guess that most of the Autokey
> > stuff was added to satisfy some mil or gov't requirement?
> > Tim.