[ntp:security] New NTP Defect Disclosure
Matthew Van Gundy
mvangund at cisco.com
Wed Oct 7 16:56:50 UTC 2015
Ack. I'll follow up with the disclosure bundle this afternoon.
On 10/7/15 12:16 PM, Harlan Stenn wrote:
> Hi Matt,
> On 10/7/15 8:12 AM, Matthew Van Gundy wrote:
>> Hi Harlan,
>> ASIG has a number of defects to disclose today. I noted that, in a
>> previous email to Rich Johnson, you asked if Brad Knowles had already
>> sent a copy of the new security at ntp.org key. I haven't received an
>> email from Brad Knowles. Would you prefer to send me the
>> security at ntp.org key or should I just encrypt the disclosures to you?
> I thought I saw the email from Brad.
> The security at ntp.org key should be on the public keyservers. I've
> attached it here as well.
>> Also, as all of the defects also affect NTPSec, so we will also be
>> disclosing the defects to them. Would you prefer us to make a joint
>> disclosure: everyone on the same thread and a single bundle with the NTP
>> and NTPSec versions affected clearly delineated? Or would you prefer us
>> to keep the threads with NTF and NTPSec separate?
> I have a slight preference for keeping the threads separate.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 236 bytes
Desc: OpenPGP digital signature
More information about the security