[ntp:hackers] Re: NTP and leap-seconds

todd glassey todd.glassey at worldnet.att.net
Wed Jul 5 01:17:09 UTC 2006


I know and I see them as they are published - I also track NavStar and the
JPO's operations. My point is that we need a Federal Authority beyond the
IERS to do this and since it's in line with the NIST Charter seems to me this
is a NIST T&F job... As the US Government's Master "Civilian Time Keepers".

T.
----- Original Message ----- 
From: "David L. Mills" <mills at udel.edu>
To: <hackers at ntp.org>
Sent: Tuesday, July 04, 2006 6:03 PM
Subject: Re: [ntp:hackers] Re: NTP and leap-seconds


> Todd,
>
> The various national labs don't originate leap warnings or DUT1 offsets;
> the International Earth Rotation Service (IERS) does that. Presumably,
> an operator could learn a leap is coming by logging into their web site
> and not trusting the national labs or NTP.
>
> Dave
>
> todd glassey wrote:
>
> > I have suggested that NIST and USNO and the other National Timing
> > Laboratories submit secured notice - through signed emails, to the
> > Satellite Timelords of the Non-Federally Operated leaves of the global
> > NTP Services.
> >
> > I am a Professional Auditor, and as such assure you folks that the US
> > Government already uses the exact same thing for Notices of Electronic
> > Court Activities... So it does work. There is an entire practice model
> > which if this group is interested, I can submit later this week.
> >
> >
> > Todd Glassey, CISM CIFI
> >
> > ----- Original Message -----
> > From: "David L. Mills" <mills at udel.edu>
> > Cc: <hackers at ntp.org>
> > Sent: Monday, July 03, 2006 10:19 PM
> > Subject: Re: [ntp:hackers] Re: NTP and leap-seconds
> >
> >
> >> Tim,
> >>
> >> Gov't security has nothing to do with my agenda, even if I spent ten
> >> years as Beltway Bandit with CIA and NSA contracts. As with DNS,
> >> consider the case where some twerp is able to torque the time two days
> >> in the future and the DNS caches all expire. The traffic to reload the
> >> caches might well poison the Internet. So was the argument when I was
> >> called to the White House meeting on possible hazards when the
> >> Millennium rolled over.
> >>
> >> Start from first principles. Assume time is a fangible quantity and
> >> examine the inner workings of every service on the planet. A determined
> >> terrorist might well find some purchase. I conclude you can't trust the
> >> DNS; the first thing you have to trust is the time.
> >>
> >> Dave
> >>
> >> Tim Shoppa wrote:
> >>
> >>> "David L. Mills" <mills at udel.edu> wrote:
> >>>
> >>>> Having come this far, what is your security model for the leapsecond
> >>>> table? Is it more or less secure than the symmetric/public key
> >>>> cryptographic model? This is not to blow off your suggestion, just to
> >>>> suggest the security model needs to be addressed.
> >>>
> >>>
> >>> David -
> >>> I have often wondered about the somewhat ponderous Autokey model
> >>> for NTP crypto. While it's not the most onerous thing to set up
> >>> it is not as easy as just putting in 3 or 4 nameservers into ntp.conf
> >>> and letting it run.
> >>>
> >>> It seems to me that the non-crypto DNS root zone file distribution
> >>> methods are less top-heavy (if less secure) and seem to work good
> >>> enough.
> >>>
> >>> In fact if we could distribute the leapsecond table via DNS
> >>> it seems like it'd kill multiple birds with one stone.
> >>>
> >>> I also realize that crypto is now intertwined into DNS in at least
> >>> some installations. And also that system time (and thus NTP) is
> >>> itself used to seed some crypto methods. Makes for a pretty tangled
> >>> knot if I think too hard!
> >>>
> >>> Dave, would I be too far off to guess that most of the Autokey
> >>> stuff was added to satisfy some mil or gov't requirement?
> >>>
> >>> Tim.
> >>
> >>
> >> _______________________________________________
> >> hackers mailing list
> >> hackers at support.ntp.org
> >> https://support.ntp.org/mailman/listinfo/hackers
> >
> >
