[ntp:security] New NTP Defect Disclosure

Harlan Stenn stenn at nwtime.org
Wed Oct 7 16:16:10 UTC 2015


Hi Matt,

On 10/7/15 8:12 AM, Matthew Van Gundy wrote:
> Hi Harlan,
> 
> ASIG has a number of defects to disclose today.  I noted that, in a
> previous email to Rich Johnson, you asked if Brad Knowles had already
> sent a copy of the new security at ntp.org key.  I haven't received an
> email from Brad Knowles.  Would you prefer to send me the
> security at ntp.org key or should I just encrypt the disclosures to you?

I thought I saw the email from Brad.

The security at ntp.org key should be on the public keyservers.  I've
attached it here as well.

> Also, as all of the defects also affect NTPSec, so we will also be
> disclosing the defects to them.  Would you prefer us to make a joint
> disclosure: everyone on the same thread and a single bundle with the NTP
> and NTPSec versions affected clearly delineated?  Or would you prefer us
> to keep the threads with NTF and NTPSec separate?

I have a slight preference for keeping the threads separate.

-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x0066B2FD.asc
Type: application/pgp-keys
Size: 4531 bytes
Desc: not available
URL: <http://lists.ntp.org/private/security/attachments/20151007/2c73de86/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 670 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20151007/2c73de86/attachment.sig>


More information about the security mailing list