Re: can we talk about secure time?

[Daniel Micay <danielmicay () gmail com>]

On 20/12/14 12:47 PM, ncl () cock li wrote:
> On 20/12/14 03:27, Hanno Böck wrote:
> > A strange discussion. Because ntp is insecure by design. It is an
> > unauthenticated, insecure protocol that is suspectible to
> > man-in-the-middle-attacks. Frankly, I don't care which implementation
> > of an insecure protocol has less buffer overflows.
>
> How broken are the authentication methods already present in ntpd?[1]
> So far there appears to be only DES/MD5 keys, and with autokey, RSA/DH
> (but apparently autokey doesn't work behind NAT?)
> As far as I know, distros don't typically set these up, would it be
> worth it to enable and improve on these, or just make something new?
>
> Considering OSes already set up their own ntp pools[2], they could also
> provide their own trusted keys in their ntpd packages.
>
>
> [1] http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3143
> [2] (ubuntu|openbsd|debian|netbsd|fedora).pool.ntp.org

Those operating systems don't actually have their own NTP pools. They
are just vendor zones hitting the same ntp.org pool. The resources put
into it amount it asking ntp.org for a vendor zone and they only do it
because upstream kindly asks for it (perhaps for metrics):

http://www.pool.ntp.org/vendors.html#vendor-zone

Attachment: signature.asc
Description: OpenPGP digital signature