[Cryptography] Network Time Protocol security

John Gilmore gnu at toad.com
Sun May 19 07:06:10 EDT 2019


There is an effort underway to design and standardize improved methods
of securing the NTP time-synchronization protocol.  Here's an overview
of the effort, plus pointers to a published RFC that documents the
requirements that they are trying to satisfy, and to the current
Internet-Draft:

  https://www.ietfjournal.org/a-new-security-mechanism-for-the-network-time-protocol/
  https://www.rfc-editor.org/rfc/rfc7384.txt
  http://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp

The draft protocol is being implemented now by two or more NTP
implementations to begin interoperation testing.

There is a long history of half-assed or broken crypto applied to various
iterations of NTP (pre-shared keys, Autokey, etc.).  None has yet had that
essential combination of ease of deployment and lack of vulnerability.

Before this gets standardized and deployed, has anybody on this list
analyzed the threat model and the draft mechanisms to see if they would
actually accomplish the goal of cryptographically securing the
worldwide accurate time distribution overlay network?

	John
	

