[ntp:questions] Gretchen - in regard to CertifiedTime it never died...

Todd Glassey CISM CIFI tglassey at earthlink.net
Sun May 3 14:33:38 UTC 2009


Gretchen Baxter wrote:
> Correct me if I an wrong, but it seems like Todd has a problem with 
> GPS and NTP and that is why his company exists.
>
> *GPS* -  it can be spoofed, therefore it can NOT be trusted as a time 
> source
Yes when you speak to its broadcast-only and unsecured L1 design.
>
> *NTP* - there is lack of security controls around it. 
Yes - but these are design issues - and are pertinent to the need to 
make NTP a single-stop solution rather than just a time-movement process.
> In addition, it can be admitted as evidence in court in its current 
> incarnation.
Actually NTP has never been tested in court since it in most instances 
would fail a Daubert inquiry into its competence - but that's life right?
>
> That is the problem in short.
> Did I capture it correctly?

Sort of - I want accountability in all of these code decisions to rest 
where it belongs - with the parties certifying the fitness of this 
product and if this crew - the NTP.ISC.ORG  team is not warrantying that 
then we  (NTP.ISC.ORG and I) have an issue I think. NTP is a very 
important part of auditing and trust verification and for it to be only 
randomly tested by a group of people who participate as a hobby is an 
issue again I think.

NTP as a tool needs accountability in its use and operations. I think 
that is key to getting industry-wide acceptance of this NTP services. 
The idea that NTP should be distributed under a "No Specific Fitness for 
Any Purpose" limitations is silly  IMHO.

Todd .
>
> /gdBaxter
>
>
>
>
>
>
> On Sat, May 2, 2009 at 11:11 PM, Danny Mayer <mayer at ntp.org 
> <mailto:mayer at ntp.org>> wrote:
> Todd Glassey CISM CIFI wrote:
> > Danny Mayer wrote:
> >> Todd Glassey CISM CIFI wrote:
> >>
> >>> Gretchen Baxter wrote:
> >>>
> >>>> thanx!
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com 
> Version: 8.0.238 / Virus Database: 270.12.15/2093 - Release Date: 05/02/09 14:23:00
>
>   




More information about the questions mailing list