[ntp:hackers] Re: NTP and leap-seconds

Danny Mayer mayer at ntp.isc.org
Thu Jul 6 21:38:39 UTC 2006

Tim Shoppa wrote:
> "David L. Mills" <mills at udel.edu> wrote:
>> Having come this far, what is your security model for the leapsecond 
>> table? Is it more or less secure than the symmetric/public key 
>> cryptographic model? This is not to blow off your suggestion, just to 
>> suggest the security model needs to be addressed.
> David -
>   I have often wondered about the somewhat ponderous Autokey model
> for NTP crypto. While it's not the most onerous thing to set up
> it is not as easy as just putting in 3 or 4 nameservers into ntp.conf
> and letting it run.
>   It seems to me that the non-crypto DNS root zone file distribution
> methods are less top-heavy (if less secure) and seem to work good
> enough.

Maybe you should explain that better. DNS root zone file distribution
happens rarely and is a straightforward distribution. In addition, at
least BIND will automatically update it's list when it starts up and
queries one of the root servers.

>   In fact if we could distribute the leapsecond table via DNS
> it seems like it'd kill multiple birds with one stone.

I'm not sure how you'd add this to DNS nor how you would feel that the
table is valid unless you start deploying DNSSEC to do this and you have
a validating resolver to check.

>   I also realize that crypto is now intertwined into DNS in at least
> some installations.

In what way are is crypto intertwined into DNS? If you are talking about
TSIG and other keys I don't see how this has anything to do with NTP
except that for TSIG to work the clocks between the two systems need to
be withing 5 minutes of each other.

> And also that system time (and thus NTP) is
> itself used to seed some crypto methods. Makes for a pretty tangled
> knot if I think too hard!

I don't understand what you mean here.


More information about the hackers mailing list