oss-sec mailing list archives

Re: attacking hsts through ntp

From: Stephen Röttger <stephen.roettger () gmail com>
Date: Mon, 20 Oct 2014 09:17:20 +0000

What about RFC 5906 and the current authentication schemes
(http://www.eecis.udel.edu/~mills/ntp/html/authentic.html) ?


The protocol from RFC 5906 is completely broken:
  http://www.eecis.udel.edu/~mills/security.html
  http://zero-entropy.de/autokey_analysis.pdf

The symmetric schemes are probably fine but hard to set up. But it looks
like the NIST provides authenticated NTP:
http://www.nist.gov/pml/div688/grp40/auth-ntp.cfm

Current thread:

Re: attacking hsts through ntp, (continued)
- - - Re: attacking hsts through ntp Kurt Seifried (Oct 16)
    - Re: attacking hsts through ntp Michal Zalewski (Oct 16)
    - Re: attacking hsts through ntp Hanno Böck (Oct 16)
    - Re: attacking hsts through ntp Adam Langley (Oct 16)
- Re: attacking hsts through ntp Michael Samuel (Oct 16)
  - Re: attacking hsts through ntp Kurt Seifried (Oct 16)
    - Re: attacking hsts through ntp Hanno Böck (Oct 17)
    - Re: attacking hsts through ntp Yves-Alexis Perez (Oct 17)
    - Re: attacking hsts through ntp Stephen Röttger (Oct 17)
    - Re: attacking hsts through ntp Yves-Alexis Perez (Oct 18)
    - Re: attacking hsts through ntp Stephen Röttger (Oct 20)
    - RE: attacking hsts through ntp Bendler, Ehren (Oct 20)
    - Re: attacking hsts through ntp Tim (Oct 17)
    - Re: attacking hsts through ntp Phil Pennock (Oct 17)
    - Re: attacking hsts through ntp Tim (Oct 17)
    - Re: attacking hsts through ntp Hanno Böck (Oct 18)