[ntp:hackers] A stop-gap authenticated time service

Magnus Danielson magnus at rubidium.dyndns.org
Sun Nov 8 23:22:00 UTC 2015


Hi,

On 11/08/2015 05:15 PM, Poul-Henning Kamp wrote:
> I have been spending time (on the Linux Foundation's dime, much appreciated!)
> looking into the authenticated time issue.
>
> Here is what I'll do in Ntimed:
>
> 	http://phk.freebsd.dk/time/20151108.html
>
> If anybody else wants to implement this in other NTP programs I
> kindly ask that you get in touch with me:  We may eventually need
> to issue an RFC about this, and we should not make that harder
> for anybody than it needs to be.

You can still yank it with asymmetric delay attacks.

Anyway, having multiple (safe) ways of conveying time in addition to 
multiple sources helps to build defense, as an attacker would need to 
yank a majority of them.

Cheers,
Magnus
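
The two points in the reply above, worked through as an added example (not part of the original message and not code from Ntimed or any NTP implementation): delaying one direction of an exchange shifts the standard NTP offset estimate by half the asymmetry even though the packet contents, and therefore any MAC or signature, are untouched, and a median over several sources holds until a majority are delayed. The function names, the 10 ms and 200 ms delays and the 50 ms delay cap are constructed assumptions.

```python
from statistics import median

def exchange(true_offset, d_out, d_back, t1=1000.0, proc=0.001):
    """Timestamps of one request/reply; true_offset = server clock - client clock."""
    t2 = t1 + d_out + true_offset       # request arrives (server clock)
    t3 = t2 + proc                      # reply leaves (server clock)
    t4 = t3 - true_offset + d_back      # reply arrives (client clock)
    return t1, t2, t3, t4

def estimate(t1, t2, t3, t4):
    """Standard NTP on-wire calculation: (offset, round-trip delay)."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def combine(samples, max_delay=None):
    """Median offset over sources, optionally dropping samples whose
    round-trip delay exceeds max_delay (hypothetical local policy)."""
    kept = [o for o, d in samples if max_delay is None or d <= max_delay]
    if not kept:
        raise ValueError("no usable samples")
    return median(kept)

# Constructed scenario: the client clock is exact (true offset 0), the normal
# one-way delay is 10 ms, and 200 ms is added to the reply path of two of
# five sources. The replies themselves are unmodified.
HONEST = estimate(*exchange(0.0, 0.010, 0.010))
DELAYED = estimate(*exchange(0.0, 0.010, 0.210))
SAMPLES = [HONEST, HONEST, HONEST, DELAYED, DELAYED]

if __name__ == "__main__":
    print("honest  offset=%.3f delay=%.3f" % HONEST)
    print("delayed offset=%.3f delay=%.3f" % DELAYED)
    print("median of 5 sources:  %.3f" % combine(SAMPLES))
    print("with 50 ms delay cap: %.3f" % combine(SAMPLES, max_delay=0.050))
    print("majority delayed:     %.3f" % combine([HONEST, DELAYED, DELAYED]))
```

The offset error equals (d_out - d_back) / 2, so its magnitude never exceeds half the measured round-trip delay; that measured delay is the only bound a client gets from a single authenticated source.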

