[ntp:hackers] A stop-gap authenticated time service

Poul-Henning Kamp phk at phk.freebsd.dk
Tue Nov 10 18:15:46 UTC 2015

In message <8D2BF679AAC7C346848A489074F9F8BF7A9F0748 at sjsrvexchmbx2.microsemi.net>, Greg D
owd writes:

>You are definitely correct that many applications can accept a second or two
>of movement per poll but I think looking towards the future the bar is being
>set much lower than that.

I used to think so, but I'm less convinced these days.

I see tight synchronisation mostly (only?) inside isolated environments
and usually by putting up local stratum-1 time services.

Where WAN synchronization is required, people put up S1 with identical
source (ie: GNSS).

(If you have 100 servers in your server room, the cheapest and most efficient
way to mitigate any attack on NTP is to buy a S1 NTP server with a GPS

>So, like the TAACCS and NTF TimestampAPI projects, it may be sufficient to
>implement any layered approach with the understanding that it exists to protect
>the underlying time transport, hopefully without degrading it, and bounding
>the error estimates using alternate methods.

The optimal outcome is that adding a level of "supervision" makes
attacking NTP pointless, so we cna milk it for all it can offer,
at the cost of occasionally looking over our shoulder with HTTPS.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the hackers mailing list