[ntp:hackers] Re: NTP and leap-seconds

Danny Mayer mayer at ntp.isc.org
Thu Jul 6 21:38:39 UTC 2006


Tim Shoppa wrote:
> "David L. Mills" <mills at udel.edu> wrote:
>> Having come this far, what is your security model for the leapsecond 
>> table? Is it more or less secure than the symmetric/public key 
>> cryptographic model? This is not to blow off your suggestion, just to 
>> suggest the security model needs to be addressed.
> 
> David -
>   I have often wondered about the somewhat ponderous Autokey model
> for NTP crypto. While it's not the most onerous thing to set up
> it is not as easy as just putting in 3 or 4 nameservers into ntp.conf
> and letting it run.
> 
>   It seems to me that the non-crypto DNS root zone file distribution
> methods are less top-heavy (if less secure) and seem to work well
> enough.
> 

Maybe you should explain that better. DNS root zone file distribution
happens rarely and is a straightforward distribution. In addition, at
least BIND will automatically update its list when it starts up and
queries one of the root servers.

>   In fact if we could distribute the leapsecond table via DNS
> it seems like it'd kill multiple birds with one stone.
> 

I'm not sure how you'd add this to DNS nor how you would feel that the
table is valid unless you start deploying DNSSEC to do this and you have
a validating resolver to check.

>   I also realize that crypto is now intertwined into DNS in at least
> some installations.

In what way is crypto intertwined into DNS? If you are talking about
TSIG and other keys I don't see how this has anything to do with NTP
except that for TSIG to work the clocks between the two systems need to
be within 5 minutes of each other.

> And also that system time (and thus NTP) is
> itself used to seed some crypto methods. Makes for a pretty tangled
> knot if I think too hard!
>

I don't understand what you mean here.

Danny
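The 5-minute requirement Danny mentions comes from the TSIG time window: the signer puts its current time and a "fudge" (RFC 2845 recommends 300 seconds) under the MAC, and the verifier rejects the message with BADTIME if its own clock is outside TimeSigned +/- Fudge. The following added example (not code from this thread, NTP, or BIND) shows that check in working form. It uses a simplified byte layout for the MAC input instead of the real RFC 2845 wire format, HMAC-SHA256 instead of HMAC-MD5, and constructed keys and messages; all of those are assumptions made for illustration.

```python
import hmac
import hashlib

# RFC 2845 recommends a fudge of 300 seconds; this is where the
# "clocks within 5 minutes" requirement comes from.
FUDGE_DEFAULT = 300

# Constructed values for the example; a real deployment would use a
# shared secret from dnssec-keygen/tsig-keygen and a real DNS message.
KEY_NAME = b"example-tsig-key."
ALGORITHM = b"hmac-sha256."


def tsig_mac(key, message, time_signed, fudge):
    """Compute the MAC over the message plus the TSIG variables.

    Simplified stand-in for the RFC 2845 layout: the real MAC covers the
    DNS message followed by the TSIG RR variables (key name, class, TTL,
    algorithm name, time signed, fudge, error, other data). Time signed
    is a 48-bit big-endian value and fudge a 16-bit one, as on the wire.
    """
    data = (
        message
        + KEY_NAME
        + ALGORITHM
        + time_signed.to_bytes(6, "big")
        + fudge.to_bytes(2, "big")
    )
    return hmac.new(key, data, hashlib.sha256).digest()


def tsig_sign(key, message, now, fudge=FUDGE_DEFAULT):
    """Sign a message with the signer's current clock value."""
    return {
        "time_signed": now,
        "fudge": fudge,
        "mac": tsig_mac(key, message, now, fudge),
    }


def tsig_verify(key, message, sig, now):
    """Verify in the order RFC 2845 section 4.5 prescribes.

    The MAC is checked first (BADSIG), then the time window (BADTIME).
    Because time_signed is under the MAC, an attacker cannot move a
    captured message into the window by editing its timestamp.
    """
    expected = tsig_mac(key, message, sig["time_signed"], sig["fudge"])
    if not hmac.compare_digest(expected, sig["mac"]):
        return "BADSIG"
    if abs(now - sig["time_signed"]) > sig["fudge"]:
        return "BADTIME"
    return "NOERROR"


def demo():
    """Show the three outcomes: in-window, clock skew, tampering."""
    key = b"constructed-shared-secret"
    update = b"constructed DNS UPDATE message bytes"
    client_clock = 1_000_000

    sig = tsig_sign(key, update, client_clock)

    # Server clock 2 minutes ahead of the client: inside the fudge.
    in_window = tsig_verify(key, update, sig, client_clock + 120)
    # Server clock 7 minutes ahead: outside the 300 s fudge.
    skewed = tsig_verify(key, update, sig, client_clock + 420)
    # Message altered in transit: MAC no longer matches.
    tampered = tsig_verify(key, update + b"x", sig, client_clock)

    return in_window, skewed, tampered


if __name__ == "__main__":
    print(demo())
```

The skewed case is exactly what happens when a dynamic-update client and its server disagree on the time by more than the fudge: the secret is correct and the message is intact, but the server still answers BADTIME, which is why TSIG deployments depend on NTP even though TSIG itself has nothing to do with time synchronisation.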

