[ntp:security] [Bug 2936] Skeleton Key: Missing key check allows impersonation between authenticated peers

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Wed Jan 6 11:34:54 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=2936

--- Comment #4 from Harlan Stenn <stenn at ntp.org> 2016-01-06 11:34:54 UTC ---
(In reply to comment #2)
> I think that there may be a problem here. Once an association has been
> authenticated then that packets between the two systems need to continue to use
> the key used for creating that association trust. What needs to happen is that
> when the trust is established a reference to the key used should be kept until
> the association is cleared. Otherwise, according to the report, any other valid
> key in the list can be used, probably by a rogue server that has a trusted key
> which can spoof the packets.

Danny, please say more.  There's nothing wrong with there being multiple
trusted keys, and since we're talking about UDP here, we have no way of knowing
if a client starts talking to a server with "trusted key #1" and then the
client gets reconfigured/restarting using "trusted key #2".  There's no reason
this should not work.

What exactly do you mean by an "association" here?

I can still see it being a reasonable conclusion that this report is not a
valid bug.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list