[ntp:hackers] Re: NTP and leap-seconds

David L. Mills mills at udel.edu
Wed Jul 5 01:03:15 UTC 2006


Todd,

THe various national labs don't originate leap warnings or DUT1 offsets; 
the International Earth Rotation Service (IERS) does that. Presumably, 
an operator could learn a leap is coming by logging into their web site 
and not trusting the national labs or NTP.

Dave

todd glassey wrote:

> I have suggested that NIST and USNO and the other National Timing
> Laboratories submit secured notice - through signed emails, to the 
> Satellite
> Timelords of the Non-Federally Operated leaves of the global NTP Services.
>
> I am a Professional Auditor, and as such assure you folks that the US
> Government already uses the exact same thing for Notices of Electronic 
> Court
> Activities... So it does work.There is an entire practice model which if
> this group is interested, I can submit later this week.
>
>
> Todd Glassey, CISM CIFI
>
> ----- Original Message -----
> From: "David L. Mills" <mills at udel.edu>
> Cc: <hackers at ntp.org>
> Sent: Monday, July 03, 2006 10:19 PM
> Subject: Re: [ntp:hackers] Re: NTP and leap-seconds
>
>
>> Tim,
>>
>> Gov't security has nothing to do with my agenda, even if I spent ten
>> years as Beltway Bandit with CIA and NSA contracts. As with DNS,
>> consider the case where some twerp is able to torque the time two days
>> in the future and the DNS caches all expire. The traffic to reload the
>> caches might well poison the Internet. So was the argument when I was
>> called to the White House meeting on possible hazards when the
>> Millennium rolled over.
>>
>> Start from first principles. Assume time is a fangible quantity and
>> examine the inner workings of every service on the planet. A determined
>> terrorist might well find some purchase. I conclude you can't trust the
>> DNS; the first thing you have to trust is the time.
>>
>> Dave
>>
>> Tim Shoppa wrote:
>>
>>> "David L. Mills" <mills at udel.edu> wrote:
>>>
>>>> Having come this far, what is your security model for the leapsecond
>>>> table? Is it more or less secure than the symmetric/public key
>>>> cryptographic model? This is not to blow off your suggestion, just to
>>>> suggest the security model needs to be addressed.
>>>
>>>
>>> David -
>>> I have often wondered about the somewhat ponderous Autokey model
>>> for NTP crypto. While it's not the most onerous thing to set up
>>> it is not as easy as just putting in 3 or 4 nameservers into ntp.conf
>>> and letting it run.
>>>
>>> It seems to me that the non-crypto DNS root zone file distribution
>>> methods are less top-heavy (if less secure) and seem to work good
>>> enough.
>>>
>>> In fact if we could distribute the leapsecond table via DNS
>>> it seems like it'd kill multiple birds with one stone.
>>>
>>> I also realize that crypto is now intertwined into DNS in at least
>>> some installations. And also that system time (and thus NTP) is
>>> itself used to seed some crypto methods. Makes for a pretty tangled
>>> knot if I think too hard!
>>>
>>> Dave, would I be too far off to guess that most of the Autokey
>>> stuff was added to satisfy some mil or gov't requirement?
>>>
>>> Tim.
>>
>>
>> _______________________________________________
>> hackers mailing list
>> hackers at support.ntp.org
>> https://support.ntp.org/mailman/listinfo/hackers
>
>



More information about the hackers mailing list