[ntp:hackers] A stop-gap authenticated time service
terje at tmsw.no
Mon Nov 16 23:42:24 UTC 2015
Hal Murray wrote:
> terje at tmsw.no said:
>> a) Secure NTP servers cannot use DNSSEC services to pick up all their
>> sources; they must have at least one source which is a local refclock or IP
>> only. Alternatively you fall back on DNS only and leave an opening for an
>> attacker to MITM you.
>> b) DNSSEC servers likewise need to have at least one local (refclock/
>> IP-only) NTP reference in order to be able to verify their local clocks
>> before they can serve authenticated data.
> Is that only a startup transient? Does it all work once it gets started?
> Would setting the time from an operator's watch at boot time be good enough?
A DNSSEC server could indeed operate for years without any ntp sources
as long as it had good admins willing to manually adjust the clock every
week or so, or even less often if the server had used ntpd originally to
get a good drift value.
- <Terje at tmsw.no>
"almost all programming can be viewed as an exercise in caching"
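The bootstrap dependency discussed in this thread, modelled as an added example (not code from the thread, from ntpd or from any resolver): a DNSSEC validator only accepts an RRSIG whose inception/expiration window contains the local clock, so a host whose clock is far off cannot validate the names of its NTP sources, and only an IP-only or refclock source breaks the loop. The RRSIG times, clock offsets and source list are constructed sample values.

```python
# Added illustration of the NTP <-> DNSSEC bootstrap dependency discussed above.
# Not ntpd or resolver code; times and sources below are constructed sample values.
from dataclasses import dataclass

# RFC 4034 s3.1.5: RRSIG inception/expiration are 32-bit timestamps compared
# with RFC 1982 serial-number arithmetic, so everything is reduced mod 2**32.
MOD = 1 << 32

def serial_le(a: int, b: int) -> bool:
    """True if a <= b in 32-bit serial arithmetic (wraps around 2**32)."""
    a, b = a % MOD, b % MOD
    return a == b or ((b - a) % MOD) < (MOD // 2)

def rrsig_valid_at(inception: int, expiration: int, now: int) -> bool:
    """RFC 4034 s3.1.5: signature usable only when inception <= now <= expiration."""
    return serial_le(inception, now) and serial_le(now, expiration)

@dataclass
class Source:
    name: str
    kind: str        # "refclock", "ip" or "dns" (constructed classification)
    true_time: int   # constructed: the time this source would report

def bootstrap(sources, local_clock, sig_inception, sig_expiration):
    """Return (usable_source_names, clock) after one sync pass.

    DNS-named sources are accepted only if their RRSIG validates under the
    current local clock; refclock/IP sources need no DNS and step the clock.
    """
    usable = []
    clock = local_clock
    # Pass 1: sources that need no DNS are usable whatever the clock error is.
    for s in sources:
        if s.kind in ("refclock", "ip"):
            usable.append(s.name)
            clock = s.true_time          # first good source steps the clock
    # Pass 2: DNS sources need DNSSEC, which needs a roughly correct clock.
    for s in sources:
        if s.kind == "dns" and rrsig_valid_at(sig_inception, sig_expiration, clock):
            usable.append(s.name)
    return usable, clock

if __name__ == "__main__":
    NOW = 1_447_718_544                              # constructed "true" time
    INC, EXP = NOW - 7 * 86400, NOW + 7 * 86400      # constructed 2-week RRSIG window
    bad_clock = NOW - 400 * 86400                    # local clock over a year behind
    dns_only = [Source("pool.example", "dns", NOW)]
    mixed = [Source("pool.example", "dns", NOW), Source("192.0.2.1", "ip", NOW)]
    print(bootstrap(dns_only, bad_clock, INC, EXP))  # ([], bad_clock): stuck forever
    print(bootstrap(mixed, bad_clock, INC, EXP))     # (['192.0.2.1', 'pool.example'], NOW)
```

With only DNS-named sources the host never validates anything and never corrects its clock; one IP-only source steps the clock into the RRSIG window, after which the DNS-named sources become usable too.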