[ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Optionsfor DHCPv6

Brian Utterback Brian.Utterback at Sun.COM
Sun Nov 25 19:52:45 GMT 2007 

But we are not talking about anything to due with the security model, 
assurance or reliability. The
question at hand is how to avoid abusive spamming of servers by 
persistent and pervasive clients.

TS Glassey wrote:
> Brian - "Likely" isn't something that Auditor's will let you resell as a 
> commercial product. Likely means that the security model of NTP is broken. 
> Time transfer MUST be assured and reliable or NTP is more of a curiosity 
> than the key to the everything many of us believe it to be.
>
> Todd Glassey
>
> ----- Original Message ----- 
> From: "Brian Utterback" <Brian.Utterback at Sun.COM>
> To: "Danny Mayer" <mayer at ntp.org>
> Cc: <ntpwg at lists.ntp.org>; <dhcwg at ietf.org>; "Ted Lemon" <mellon at fugue.com>; 
> "Richard Gayraud (rgayraud)" <rgayraud at cisco.com>
> Sent: Sunday, November 25, 2007 4:49 AM
> Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Optionsfor 
> DHCPv6
>
>
>   
>> Danny Mayer wrote:
>>     
>>> Ted Lemon wrote:
>>>
>>>
>>>       
>>>>   The problem you're afraid will happen is
>>>> not going to happen.
>>>>
>>>>         
>>> You're too late. It already has. We are already in the situation that we
>>> need to take defensive measures against existing errant NTP clients.
>>>
>>>
>>>       
>> No it hasn't. AFAIK, there has not been a case of multitudes of clients
>> that received NTP server
>> IP addresses from DHCP spamming servers abusively for extended periods
>> of time. My gut feel
>> is that Ted is correct and that this is not likely to be a problem.
>>
>> However, the fact that we have had other situations develop into just
>> such problems means
>> that examining the proposal for potential abuse scenarios is worthwhile.
>> Before we start
>> looking for a compromise solution, perhaps we should look more closely
>> at the problem.
>>
>> For instance, I don't see the problem as being any worse than an
>> ntp.conf file that has
>> the server given by an IP address. If you are going to restrict DHCP,
>> perhaps we
>> should consider not allowing IP addresses in the ntp.conf file. If you
>> think that
>> is absurd, then perhaps the DHCP restriction is absurd as well. Or
>> perhaps not.
>>
>> Brian Utterback
>> _______________________________________________
>> ntpwg mailing list
>> ntpwg at lists.ntp.org
>> https://lists.ntp.org/mailman/listinfo/ntpwg 
>>     
>
> _______________________________________________
> ntpwg mailing list
> ntpwg at lists.ntp.org
> https://lists.ntp.org/mailman/listinfo/ntpwg
>

More information about the ntpwg mailing list