oss-sec mailing list archives

Re: attacking hsts through ntp

From: Yves-Alexis Perez <corsac () debian org>
Date: Sat, 18 Oct 2014 14:27:02 +0200

On ven., 2014-10-17 at 10:17 +0000, Stephen Röttger wrote:

The solution would be to have a more reliable PC time. How do we do

that?

We're currently working on an IETF draft to bring authentication to NTP:
https://tools.ietf.org/html/draft-ietf-ntp-network-time-security-04 and
would be happy for people to take a look and give feedback.
If you don't want to read the draft, let me know and I will outline the
protocol for you.


What about RFC 5906 and the current authentication schemes
(http://www.eecis.udel.edu/~mills/ntp/html/authentic.html) ?

I'm unsure they really used (usable) in a non-controlled environment but
at least there's already something in place.

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Re: attacking hsts through ntp, (continued)
- - - Re: attacking hsts through ntp Hanno Böck (Oct 16)
    - Re: attacking hsts through ntp Kurt Seifried (Oct 16)
    - Re: attacking hsts through ntp Michal Zalewski (Oct 16)
    - Re: attacking hsts through ntp Hanno Böck (Oct 16)
    - Re: attacking hsts through ntp Adam Langley (Oct 16)
- Re: attacking hsts through ntp Michael Samuel (Oct 16)
  - Re: attacking hsts through ntp Kurt Seifried (Oct 16)
    - Re: attacking hsts through ntp Hanno Böck (Oct 17)
    - Re: attacking hsts through ntp Yves-Alexis Perez (Oct 17)
    - Re: attacking hsts through ntp Stephen Röttger (Oct 17)
    - Re: attacking hsts through ntp Yves-Alexis Perez (Oct 18)
    - Re: attacking hsts through ntp Stephen Röttger (Oct 20)
    - RE: attacking hsts through ntp Bendler, Ehren (Oct 20)
    - Re: attacking hsts through ntp Tim (Oct 17)
    - Re: attacking hsts through ntp Phil Pennock (Oct 17)
    - Re: attacking hsts through ntp Tim (Oct 17)
    - Re: attacking hsts through ntp Hanno Böck (Oct 18)