oss-sec mailing list archives

Re: tlsdate havoc ahead - default host randomizes tls timestamps


From: Florian Weimer <fweimer () redhat com>
Date: Fri, 24 Apr 2015 09:50:11 +0200

On 04/23/2015 05:37 PM, Hanno Böck wrote:

> And there is some work done in the IETF to create a secure version of
> ntp:
>
> https://tools.ietf.org/html/draft-ietf-ntp-network-time-security-08
> https://tools.ietf.org/html/draft-ietf-ntp-cms-for-nts-message-03
> https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-00

I've been arguing to replace the custom security protocol they have
invented with DTLS.  The discussion is happening on the IETF NTP working
group mailing list: <http://lists.ntp.org/listinfo/ntpwg>  (Note:
somewhat unusual for IETF lists, it's moderated, for first-time posters
at least.)


-- 
Florian Weimer / Red Hat Product Security

