[ntp:hackers] A stop-gap authenticated time service
hmurray at megapathdsl.net
Tue Nov 10 21:48:28 UTC 2015
> The optimal outcome is that adding a level of "supervision" makes attacking
> NTP pointless, so we can milk it for all it can offer, at the cost of
> occasionally looking over our shoulder with HTTPS.
I think I like that approach.
It looks like a 2 pass algorithm. The first pass uses authenticated servers
to establish a sanity-check fence around a region of reasonable time.
Standard stuff, you need more than one server to catch broken or compromised
The second pass discards any servers that don't land within that area, then
uses the traditional logic on what's left.
Has anybody done any timing over TCP? Suppose you sent NTP "packets" over
TCP. After connection setup, if you don't have any retransmissions, it
should be a single packet in each direction.
These are my opinions. I hate spam.
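Added example, not part of the thread: a Python sketch of the two-pass scheme described above. Pass 1 runs Marzullo's intersection over (offset, uncertainty) readings from authenticated sources to get a fence agreed by a majority, so one broken or compromised source cannot move it; pass 2 keeps only NTP candidates inside the fence. The median is a stand-in for the traditional selection logic, and all names and sample numbers are constructed.

```python
from statistics import median

def fence_from_authenticated(readings):
    """Pass 1: Marzullo's algorithm. readings are (offset, uncertainty) pairs
    from authenticated sources (e.g. an HTTPS Date header: 1 s granularity
    plus half the round trip). Returns the narrowest interval that at least a
    majority of sources agree on, or None if no majority agrees."""
    edges = sorted([(off - err, -1) for off, err in readings] +
                   [(off + err, +1) for off, err in readings])
    need = len(readings) // 2 + 1          # majority, so one liar cannot win
    best, best_count, count = None, 0, 0
    for i, (x, kind) in enumerate(edges[:-1]):
        count -= kind                      # start edge -> +1, end edge -> -1
        if count > best_count:
            best_count = count
            best = (x, edges[i + 1][0])    # interval up to the next edge
    return best if best_count >= need else None

def select_ntp(candidates, fence):
    """Pass 2: drop NTP servers whose offset lands outside the fence, then
    apply the 'traditional' logic to the survivors. The median is used here
    as a stand-in for the real NTP selection/clustering (an assumption)."""
    if fence is None:
        return {}, None
    lo, hi = fence
    survivors = {name: off for name, off in candidates.items() if lo <= off <= hi}
    return survivors, (median(survivors.values()) if survivors else None)

# Constructed sample, all values in milliseconds of clock offset.
AUTH_READINGS = [(200, 600), (400, 500), (5000, 500)]   # third source is wrong
NTP_CANDIDATES = {"ntp-a": 120, "ntp-b": 95, "ntp-c": 4900, "ntp-d": 310}

if __name__ == "__main__":
    fence = fence_from_authenticated(AUTH_READINGS)
    kept, offset = select_ntp(NTP_CANDIDATES, fence)
    print("fence:", fence, "survivors:", kept, "offset:", offset)
```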