[ntp:security] New NTP Defect Disclosure

Matthew Van Gundy mvangund at cisco.com
Wed Oct 7 15:12:01 UTC 2015

Hi Harlan,

ASIG has a number of defects to disclose today.  I noted that, in a
previous email to Rich Johnson, you asked if Brad Knowles had already
sent a copy of the new security at ntp.org key.  I haven't received an
email from Brad Knowles.  Would you prefer to send me the
security at ntp.org key or should I just encrypt the disclosures to you?

Also, as all of the defects also affect NTPSec, so we will also be
disclosing the defects to them.  Would you prefer us to make a joint
disclosure: everyone on the same thread and a single bundle with the NTP
and NTPSec versions affected clearly delineated?  Or would you prefer us
to keep the threads with NTF and NTPSec separate?


Matthew Van Gundy, Technical Leader
Advanced Security Initiatives Group
Cisco Systems, Inc.

work. +1 (865) 288-6495
cell. +1 (805) 699-6134

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20151007/80e16b64/attachment.sig>

More information about the security mailing list