[ntp:hackers] Re: NTP and leap-seconds
Danny Mayer
mayer at ntp.isc.org
Thu Jul 6 21:38:39 UTC 2006
Tim Shoppa wrote:
> "David L. Mills" <mills at udel.edu> wrote:
>> Having come this far, what is your security model for the leapsecond
>> table? Is it more or less secure than the symmetric/public key
>> cryptographic model? This is not to blow off your suggestion, just to
>> suggest the security model needs to be addressed.
>
> David -
> I have often wondered about the somewhat ponderous Autokey model
> for NTP crypto. While it's not the most onerous thing to set up
> it is not as easy as just putting in 3 or 4 nameservers into ntp.conf
> and letting it run.
>
> It seems to me that the non-crypto DNS root zone file distribution
> methods are less top-heavy (if less secure) and seem to work well
> enough.
>
Maybe you should explain that better. DNS root zone file distribution
happens rarely and is a straightforward distribution. In addition, at
least BIND will automatically update its list when it starts up and
queries one of the root servers.
> In fact if we could distribute the leapsecond table via DNS
> it seems like it'd kill multiple birds with one stone.
>
I'm not sure how you'd add this to DNS nor how you would feel that the
table is valid unless you start deploying DNSSEC to do this and you have
a validating resolver to check.
> I also realize that crypto is now intertwined into DNS in at least
> some installations.
In what way is crypto intertwined into DNS? If you are talking about
TSIG and other keys I don't see how this has anything to do with NTP
except that for TSIG to work the clocks between the two systems need to
be within 5 minutes of each other.
> And also that system time (and thus NTP) is
> itself used to seed some crypto methods. Makes for a pretty tangled
> knot if I think too hard!
>
I don't understand what you mean here.
Danny