[ntp:security] New NTP Defect Disclosure

Matthew Van Gundy mvangund at cisco.com
Wed Oct 7 16:56:50 UTC 2015

Ack.  I'll follow up with the disclosure bundle this afternoon.


On 10/7/15 12:16 PM, Harlan Stenn wrote:
> Hi Matt,
> On 10/7/15 8:12 AM, Matthew Van Gundy wrote:
>> Hi Harlan,
>> ASIG has a number of defects to disclose today.  I noted that, in a
>> previous email to Rich Johnson, you asked if Brad Knowles had already
>> sent a copy of the new security at ntp.org key.  I haven't received an
>> email from Brad Knowles.  Would you prefer to send me the
>> security at ntp.org key or should I just encrypt the disclosures to you?
> I thought I saw the email from Brad.
> The security at ntp.org key should be on the public keyservers.  I've
> attached it here as well.
>> Also, as all of the defects also affect NTPSec, so we will also be
>> disclosing the defects to them.  Would you prefer us to make a joint
>> disclosure: everyone on the same thread and a single bundle with the NTP
>> and NTPSec versions affected clearly delineated?  Or would you prefer us
>> to keep the threads with NTF and NTPSec separate?
> I have a slight preference for keeping the threads separate.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20151007/8bc98c45/attachment.sig>

More information about the security mailing list