[ntp:hackers] A stop-gap authenticated time service
phk at phk.freebsd.dk
Tue Nov 10 18:15:46 UTC 2015
In message <8D2BF679AAC7C346848A489074F9F8BF7A9F0748 at sjsrvexchmbx2.microsemi.net>, Greg D
>You are definitely correct that many applications can accept a second or two
>of movement per poll but I think looking towards the future the bar is being
>set much lower than that.
I used to think so, but I'm less convinced these days.
I see tight synchronisation mostly (only?) inside isolated environments
and usually by putting up local stratum-1 time services.
Where WAN synchronization is required, people put up S1 with identical
source (ie: GNSS).
(If you have 100 servers in your server room, the cheapest and most efficient
way to mitigate any attack on NTP is to buy a S1 NTP server with a GPS
>So, like the TAACCS and NTF TimestampAPI projects, it may be sufficient to
>implement any layered approach with the understanding that it exists to protect
>the underlying time transport, hopefully without degrading it, and bounding
>the error estimates using alternate methods.
The optimal outcome is that adding a level of "supervision" makes
attacking NTP pointless, so we can milk it for all it can offer,
at the cost of occasionally looking over our shoulder with HTTPS.
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
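The "supervision" idea in the reply above, as an added illustration that is not from the original thread or from any NTP project's code: the one-second-resolution Date header of an HTTPS response (assumed here as the side channel) bounds the clock correction, and an NTP correction outside that envelope is refused while the small, precise NTP adjustments keep passing. All function names, the envelope arithmetic and the one-second slack are assumptions.

```python
import email.utils
from typing import List, Tuple

Bounds = Tuple[float, float]  # (lowest, highest) plausible correction, seconds


def parse_http_date(date_header: str) -> float:
    """Convert an RFC 7231 Date header value to a POSIX timestamp (UTC)."""
    return email.utils.parsedate_to_datetime(date_header).timestamp()


def https_correction_bounds(t_send: float, t_recv: float, date_header: str) -> Bounds:
    """Bound the clock correction (true time minus local clock) from one HTTPS exchange.

    t_send / t_recv are local clock readings when the request left and when the
    response arrived; the server stamped the Date header at some instant between
    them.  The header has one-second resolution, so true time at that instant is
    in [D, D+1), and the correction lies in [D - t_recv, D + 1 - t_send].
    """
    if t_recv < t_send:
        raise ValueError("response cannot arrive before the request was sent")
    d = parse_http_date(date_header)
    return (d - t_recv, d + 1.0 - t_send)


def intersect_bounds(samples: List[Bounds]) -> Bounds:
    """Narrow the envelope using several exchanges (different servers or polls).

    An empty intersection means the HTTPS servers themselves disagree, which is
    worth alarming on rather than silently trusting either side.
    """
    lo = max(s[0] for s in samples)
    hi = min(s[1] for s in samples)
    if lo > hi:
        raise ValueError("HTTPS time sources are mutually inconsistent")
    return (lo, hi)


def ntp_correction_plausible(ntp_correction: float, bounds: Bounds, slack: float = 1.0) -> bool:
    """True if the correction NTP wants to apply lies inside the HTTPS envelope.

    `slack` widens the envelope to allow for the HTTPS server's own clock error
    (assumed one second).  A correction outside it, such as a large step pushed
    by a misbehaving NTP source, is refused; ordinary sub-second NTP adjustments pass.
    """
    lo, hi = bounds
    return lo - slack <= ntp_correction <= hi + slack
```

The envelope only needs to be refreshed occasionally, since its job is to catch gross steps, not to replace NTP's fine-grained discipline.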