nanog mailing list archives

Re: Carrier class email security recommendation


From: John Kristoff <jtk () cymru com>
Date: Mon, 12 Apr 2010 10:24:19 -0500

On Mon, 12 Apr 2010 07:09:12 -0700
todd glassey <tglassey () earthlink net> wrote:

> Alex, there are many email systems out there - but make sure that
> whatever you buy can support NTPv4 and not SNTP or unauthenticated NTP
> since this is how the GW is going to be able to put time-marks on
> receipts which must have legal authority.

Hi Todd,

I think this is the first I've heard that only authenticated NTP (and
maybe even NTPv4?) is sufficient for legal authority.  Can you say a
bit more about this?  Perhaps, what sorts of issues you've run into or
seen when this is not implemented?

> So that means any appliance system provider must have at least NTPv4
> tested with both Autokey and symmetric-key and the new interface
> specific ACLs in the 4.2.6 versions of NTP. Further the issues of the
> ECC/Parity memory become important here because time is moved over UDP
> and is subject to single-bit errors all over the place.

Authentication support for SNTP does exist in the protocol and I've
seen documentation where some gear supports it, though I suspect it's
very rarely used in practice.

And 4.2.6p1 was released 3 days ago and 4.2.6 in December.  Might be
a tall order if you want it now.  :-)

I haven't worked out the math, but I would have thought the UDP checksum,
coupled with a rigorous implementation (e.g. validates the originate and
transmit timestamps) and the various robustness mechanisms built into
the protocol should limit the effect of single-bit errors significantly.
I'd be interested in hearing or reading about experience that says
otherwise.

Nevertheless there are no doubt incorrect clocks all over the place.
As a simple example, for the open NTP servers we know about, here are
the top five most popular stratums by percent:

  stratum    %
        3   43
        4   18
        2   16
       16   14
        5    5

The overall accuracy of all those stratum 16 clocks is likely going
to be poor.

John
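
An added example (not from the thread or from either poster) of what the
"rigorous implementation" John describes amounts to in code: an NTPv4
request/reply exchange with symmetric-key (MD5) authentication as in RFC
5905, the client-side checks that the origin timestamp echoes the request's
transmit timestamp and that the reply's LI/stratum mark a usable server, and
the 16-bit ones'-complement checksum that UDP carries, tried against every
single-bit flip of the reply and against a two-bit flip that the checksum
misses but the MAC still catches. The key id, shared key and timestamps are
constructed for the example, and the checksum is computed over the NTP
payload only (a real UDP checksum also covers an IP pseudo-header).

```python
"""NTPv4 client-side checks: symmetric-key MAC (RFC 5905 sec. 7.3), origin
timestamp and stratum validation, and the 16-bit ones'-complement checksum.

Added example, not from the thread. Key id, key and timestamps are
constructed; the key type is the classic MD5 symmetric key ntpd uses.
"""
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48               # fixed header without extension fields
NTP_EPOCH_OFFSET = 2208988800     # seconds from 1900-01-01 to 1970-01-01
KEY_ID = 10                       # hypothetical id from an ntp.keys file
SHARED_KEY = b"s3cr3tkey"         # hypothetical MD5-type symmetric key
KEYS = {KEY_ID: SHARED_KEY}


def ntp_timestamp(unix_seconds: float) -> int:
    """64-bit NTP timestamp: 32-bit seconds since 1900 | 32-bit fraction."""
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * (1 << 32))
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def build_header(li, vn, mode, stratum, ref_ts, orig_ts, recv_ts, xmit_ts):
    """Pack the 48-byte header; poll, precision and root fields are zeroed."""
    first = (li << 6) | (vn << 3) | mode
    return struct.pack("!BBbb3I4Q", first, stratum, 0, 0, 0, 0, 0,
                       ref_ts, orig_ts, recv_ts, xmit_ts)


def append_mac(header: bytes, key_id: int, key: bytes) -> bytes:
    """Symmetric-key MAC: 32-bit key id followed by MD5(key || header)."""
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()


def verify_mac(packet: bytes, keys: dict) -> bool:
    """Recompute MD5(key || header) for the trailing key id; constant-time compare."""
    if len(packet) != NTP_HEADER_LEN + 20:
        return False
    header, digest = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN + 4:]
    key_id, = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    key = keys.get(key_id)
    if key is None:
        return False
    return hmac.compare_digest(hashlib.md5(key + header).digest(), digest)


def validate_reply(packet: bytes, sent_xmit_ts: int, keys: dict):
    """Checks a client applies before trusting a reply; returns (ok, reason)."""
    if not verify_mac(packet, keys):
        return False, "bad MAC (unknown key, wrong key, or corrupted packet)"
    li, vn, mode = packet[0] >> 6, (packet[0] >> 3) & 7, packet[0] & 7
    stratum = packet[1]
    orig_ts, = struct.unpack("!Q", packet[24:32])
    xmit_ts, = struct.unpack("!Q", packet[40:48])
    if vn != 4 or mode != 4:
        return False, "unexpected version/mode %d/%d" % (vn, mode)
    if orig_ts != sent_xmit_ts:            # stale, replayed or unsolicited reply
        return False, "origin timestamp does not echo our transmit timestamp"
    if xmit_ts == 0:
        return False, "zero transmit timestamp"
    if li == 3 or not 1 <= stratum <= 15:  # LI 3 = alarm; stratum 16 = unsynchronized
        return False, "server not synchronized (LI=%d, stratum=%d)" % (li, stratum)
    return True, "ok"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum (what UDP uses; pseudo-header omitted here)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                     # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def flip_bits(data: bytes, *bit_positions: int) -> bytes:
    """Copy of data with the given bit positions (MSB-first within each byte) inverted."""
    out = bytearray(data)
    for pos in bit_positions:
        i, b = divmod(pos, 8)
        out[i] ^= 0x80 >> b
    return bytes(out)


def make_reply(stratum: int = 2):
    """Client request and the server's authenticated reply; returns (t1, reply)."""
    t1 = ntp_timestamp(1271085859.25)                          # constructed T1
    request = append_mac(build_header(0, 4, 3, 0, 0, 0, 0, t1), KEY_ID, SHARED_KEY)
    # Server side: the origin field echoes the request's transmit timestamp.
    req_xmit, = struct.unpack("!Q", request[40:48])
    t2, t3 = ntp_timestamp(1271085859.26), ntp_timestamp(1271085859.27)
    reply = build_header(0, 4, 4, stratum, t2, req_xmit, t2, t3)
    return t1, append_mac(reply, KEY_ID, SHARED_KEY)


def exchange(stratum: int = 2, corrupt_bits=()):
    """Run the exchange, optionally flipping bits of the reply in transit."""
    t1, reply = make_reply(stratum)
    return validate_reply(flip_bits(reply, *corrupt_bits), t1, KEYS)


def single_bit_errors_caught(data: bytes) -> bool:
    """True if every single-bit flip in data changes its ones'-complement checksum."""
    base = inet_checksum(data)
    return all(inet_checksum(flip_bits(data, p)) != base for p in range(len(data) * 8))
```

A clean exchange validates; a stratum 16 reply is rejected even though its
MAC is fine; any single flipped bit changes the checksum; and flipping the
same bit column in two different 16-bit words (positions 2 and 18 here, one
bit going 0->1 and the other 1->0) leaves the checksum unchanged, which is
where the MAC rather than UDP catches the corruption.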

