[ntp:security] New NTP Defect Disclosure
stenn at nwtime.org
Wed Oct 7 17:16:24 UTC 2015
Are these public disclosures or initial / embargoed disclosures?
Sent from my iPhone - please excuse brevity and typos
> On Oct 7, 2015, at 9:16 AM, Harlan Stenn <stenn at nwtime.org> wrote:
> Hi Matt,
>> On 10/7/15 8:12 AM, Matthew Van Gundy wrote:
>> Hi Harlan,
>> ASIG has a number of defects to disclose today. I noted that, in a
>> previous email to Rich Johnson, you asked if Brad Knowles had already
>> sent a copy of the new security at ntp.org key. I haven't received an
>> email from Brad Knowles. Would you prefer to send me the
>> security at ntp.org key or should I just encrypt the disclosures to you?
> I thought I saw the email from Brad.
> The security at ntp.org key should be on the public keyservers. I've
> attached it here as well.
>> Also, as all of the defects also affect NTPSec, so we will also be
>> disclosing the defects to them. Would you prefer us to make a joint
>> disclosure: everyone on the same thread and a single bundle with the NTP
>> and NTPSec versions affected clearly delineated? Or would you prefer us
>> to keep the threads with NTF and NTPSec separate?
> I have a slight preference for keeping the threads separate.
> Harlan Stenn <stenn at nwtime.org>
> http://networktimefoundation.org - be a member!
> security mailing list
> security at lists.ntp.org
More information about the security