[ntp:hackers] Re: NTP and leap-seconds
David L. Mills
mills at udel.edu
Wed Jul 5 01:03:15 UTC 2006
THe various national labs don't originate leap warnings or DUT1 offsets;
the International Earth Rotation Service (IERS) does that. Presumably,
an operator could learn a leap is coming by logging into their web site
and not trusting the national labs or NTP.
todd glassey wrote:
> I have suggested that NIST and USNO and the other National Timing
> Laboratories submit secured notice - through signed emails, to the
> Timelords of the Non-Federally Operated leaves of the global NTP Services.
> I am a Professional Auditor, and as such assure you folks that the US
> Government already uses the exact same thing for Notices of Electronic
> Activities... So it does work.There is an entire practice model which if
> this group is interested, I can submit later this week.
> Todd Glassey, CISM CIFI
> ----- Original Message -----
> From: "David L. Mills" <mills at udel.edu>
> Cc: <hackers at ntp.org>
> Sent: Monday, July 03, 2006 10:19 PM
> Subject: Re: [ntp:hackers] Re: NTP and leap-seconds
>> Gov't security has nothing to do with my agenda, even if I spent ten
>> years as Beltway Bandit with CIA and NSA contracts. As with DNS,
>> consider the case where some twerp is able to torque the time two days
>> in the future and the DNS caches all expire. The traffic to reload the
>> caches might well poison the Internet. So was the argument when I was
>> called to the White House meeting on possible hazards when the
>> Millennium rolled over.
>> Start from first principles. Assume time is a fangible quantity and
>> examine the inner workings of every service on the planet. A determined
>> terrorist might well find some purchase. I conclude you can't trust the
>> DNS; the first thing you have to trust is the time.
>> Tim Shoppa wrote:
>>> "David L. Mills" <mills at udel.edu> wrote:
>>>> Having come this far, what is your security model for the leapsecond
>>>> table? Is it more or less secure than the symmetric/public key
>>>> cryptographic model? This is not to blow off your suggestion, just to
>>>> suggest the security model needs to be addressed.
>>> David -
>>> I have often wondered about the somewhat ponderous Autokey model
>>> for NTP crypto. While it's not the most onerous thing to set up
>>> it is not as easy as just putting in 3 or 4 nameservers into ntp.conf
>>> and letting it run.
>>> It seems to me that the non-crypto DNS root zone file distribution
>>> methods are less top-heavy (if less secure) and seem to work good
>>> In fact if we could distribute the leapsecond table via DNS
>>> it seems like it'd kill multiple birds with one stone.
>>> I also realize that crypto is now intertwined into DNS in at least
>>> some installations. And also that system time (and thus NTP) is
>>> itself used to seed some crypto methods. Makes for a pretty tangled
>>> knot if I think too hard!
>>> Dave, would I be too far off to guess that most of the Autokey
>>> stuff was added to satisfy some mil or gov't requirement?
>> hackers mailing list
>> hackers at support.ntp.org
More information about the hackers