[ntp:security] [Bug 3043] Autokey association reset

bugzilla-daemon at ntp.org
Fri May 6 18:24:25 UTC 2016


Juergen Perlinger <perlinger at ntp.org> changed:

           What    |Removed                     |Added
                 CC|                            |perlinger at ntp.org

--- Comment #2 from Juergen Perlinger <perlinger at ntp.org> 2016-05-06 18:24:25 UTC ---
As I discussed with Harlan for some time, CRYPTO_NAK is a design bug. It is not
authenticated and therefore totally untrustworthy. The only sane decision is to
completely disregard any CRYPTO_NAK packages.

The same essentially holds for all packets where MAC authentication fails.
These should be IMHO summarily ignored.

Checking the origin time stamp might avoid some attacks by creating a small
time window (instead of one of unlimited size) but it is still possible for an
attacker to send a forged CRYPTO_NAK soon enough (before the real server
replies) to run a successful attack.

I'm admittedly not deep enough into this, but I have gathered the impression
that ignoring packages with bad authentication and CRYPTO_NAKs in general is
the only way to go. Just my 5c, though, and I want some more votes on that
before I start to butcher the code.

This would essentially cure bug 3044 and bug 3045, too. I'm just not sure what
it would break.
