[Cryptography] NTP Security (Was: Re: Random numbers only once)

Dominik Schürmann dominik at dominikschuermann.de
Wed Feb 5 07:49:42 EST 2014


On Tue, 2014-02-04 at 19:09 -0800, Watson Ladd wrote:
> DNSSEC for pool.ntp.org?
> Do we need to make an authenticated NTP, or would a signed clock
> protocol work fine for this?
> I've thought on and off about this problem, but it is tough given the
> latency requirements for NTP,
> and the fact that server state in a UDP protocol can have interesting effects.

I'd like to point you to a recent internet draft, partly written by a
colleague of mine:
http://tools.ietf.org/html/draft-ietf-ntp-network-time-security-01
It is the result of several security problems with the old "NTP autokey"
protocol (which hopefully nobody really uses...)

If you have comments or questions, don't hesitate to post on this
mailing list; I can point him to this conversation.

Regards
Dominik