[ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Optionsfor DHCPv6
TS Glassey
tglassey at earthlink.net
Sun Nov 25 14:18:09 GMT 2007
Brian - "Likely" isn't something that Auditor's will let you resell as a
commercial product. Likely means that the security model of NTP is broken.
Time transfer MUST be assured and reliable or NTP is more of a curiosity
than the key to the everything many of us believe it to be.
Todd Glassey
----- Original Message -----
From: "Brian Utterback" <Brian.Utterback at Sun.COM>
To: "Danny Mayer" <mayer at ntp.org>
Cc: <ntpwg at lists.ntp.org>; <dhcwg at ietf.org>; "Ted Lemon" <mellon at fugue.com>;
"Richard Gayraud (rgayraud)" <rgayraud at cisco.com>
Sent: Sunday, November 25, 2007 4:49 AM
Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Optionsfor
DHCPv6
> Danny Mayer wrote:
>> Ted Lemon wrote:
>>
>>
>>> The problem you're afraid will happen is
>>> not going to happen.
>>>
>>
>> You're too late. It already has. We are already in the situation that we
>> need to take defensive measures against existing errant NTP clients.
>>
>>
>
> No it hasn't. AFAIK, there has not been a case of multitudes of clients
> that received NTP server
> IP addresses from DHCP spamming servers abusively for extended periods
> of time. My gut feel
> is that Ted is correct and that this is not likely to be a problem.
>
> However, the fact that we have had other situations develop into just
> such problems means
> that examining the proposal for potential abuse scenarios is worthwhile.
> Before we start
> looking for a compromise solution, perhaps we should look more closely
> at the problem.
>
> For instance, I don't see the problem as being any worse than an
> ntp.conf file that has
> the server given by an IP address. If you are going to restrict DHCP,
> perhaps we
> should consider not allowing IP addresses in the ntp.conf file. If you
> think that
> is absurd, then perhaps the DHCP restriction is absurd as well. Or
> perhaps not.
>
> Brian Utterback
> _______________________________________________
> ntpwg mailing list
> ntpwg at lists.ntp.org
> https://lists.ntp.org/mailman/listinfo/ntpwg
More information about the ntpwg
mailing list