[ntp:questions] Re: restrict lines
brad at stop.mail-abuse.org
Mon Mar 14 22:44:28 UTC 2005
At 2:17 PM -0800 2005-03-14, David Schwartz wrote:
> Yes, exactly. You can't fix this problem anywhere but at its source. You
> might as well argue that we should never use domain names in any situation
> with any security implications.
Okay, go fix the entire Internet, then. Please report back when
Meanwhile, the rest of the world has been learning the lesson
over the past decade that name-based security is one of the stupidest
ideas ever invented.
> On the contrary, it's if you depend upon IPs for your security that you
> get into trouble if things change.
Yup, that's a problem. That's why you use public-key crypto.
BIND learned this lesson years ago.
> If you really believed the argument you
> are making, you would have to object to the existence of pool.ntp.org, since
> it does the very thing you are complaining about.
No, pool.ntp.org has nothing to do with security. That's a
one-way name-to-IP address mapping, and there is no implied security
that is claimed to be provided. In those situations, if your DNS
cache is poisoned and you get sent to the wrong servers, then that's
As soon as you try to apply some security to this problem, you
run into the fact that most members of pool.ntp.org do not have
control over their reverse DNS, so they cannot change what name
should be claimed for their IP address. You also run into the
load-balancing and system monitoring problem, whereby an address that
was in pool.ntp.org five minutes ago, is no longer in the pool.
If you want to secure this, your *only* effective choice is to
use public-key crypto.
> Is it your position that name-based security is worse than no security
> at all?
In this case, yes. It gives you a sense of false security, and
you feel comfortable staying there instead of working on the real
> Or would it be your position that NTP should be modified to make it
> impossible to configure it with no security at all?
NTP already understands the concept of cryptographic
authentication. That technique needs to be extended.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
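As an added example, not part of Brad Knowles's message or of the ntp project's own documentation: an ntp.conf fragment that does what the message argues for, restricting by address rather than by name and authenticating the upstream server cryptographically (here with NTP's symmetric-key MAC, the simpler of the two authentication mechanisms ntpd has; the "public-key crypto" in the message is NTP's Autokey). All addresses, the key file path and the key value are placeholders chosen for this example.

```conf
# /etc/ntp.conf (added example; addresses and key are placeholders, not from the thread)

# Default policy for everyone: serve time only. No modification, no traps,
# no peering, no status queries. Stated by address class, never by name.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# The local host may query and modify (ntpq/ntpdc on the box itself).
restrict 127.0.0.1
restrict -6 ::1

# Relax the restriction for a management network by ADDRESS, not by name.
# A hostname in a restrict line is resolved once at startup and is only as
# trustworthy as whatever DNS answer ntpd happened to receive at that moment.
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap

# Symmetric-key authentication: packets from the upstream server must carry
# a MAC computed with key 1. A spoofed or DNS-redirected server that does
# not hold the key is rejected no matter which name resolves to its address.
keys /etc/ntp.keys
trustedkey 1
controlkey 1
requestkey 1
server 192.0.2.10 key 1 iburst

# Unauthenticated pool use, as discussed in the thread: a plain name-to-IP
# mapping with no claim of security. A poisoned resolver can hand back any
# address, and the pool's membership changes underneath the name anyway.
server 0.pool.ntp.org iburst

# /etc/ntp.keys (mode 0600, owned by the ntpd user), one "keyid type secret"
# per line; type M is MD5 in ntp 4.2:
# 1 M s3cret-placeholder-change-me
```

The key line is what carries the security; the restrict lines only shape who may talk to the daemon and how. A restrict line keyed on a hostname adds nothing that the MAC does not already provide, and it fails in exactly the two ways the message describes: the reverse name is not under the pool member's control, and the pool's forward answers rotate.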