[ntp:hackers] A stop-gap authenticated time service

Terje Mathisen terje at tmsw.no
Mon Nov 16 23:42:24 UTC 2015

Hal Murray wrote:
> Thanks.
> terje at tmsw.no said:
>> a) Secure NTP servers cannot use DNSSEC services to pick up all their
>> sources, they must have at least one source which is a local refclock or IP
>> only, alternatively you fall back on DNS only and leave an opening for an
>> attacker to MITM you.
>> b) DNSSEC servers likewise need to have at least one local (refclock/
>> IP-only) NTP reference in order to be able to verify their local clocks
>> before they can serve authenticated data.
> Is that only a startup transient?  Does it all work once it gets started?
> Would setting the time from an operator's watch at boot time be good enough?
A DNSSEC server could indeed operate for years without any ntp sources
as long as it had good admins willing to manually adjust the clock every
week or so, or even less often if the server had used ntpd originally to
get a good drift value.


- <Terje at tmsw.no>
"almost all programming can be viewed as an exercise in caching"