[ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Options for DHCPv6

TS Glassey tglassey at earthlink.net
Sun Nov 25 20:55:38 GMT 2007


----- Original Message ----- 
From: "Brian Utterback" <Brian.Utterback at Sun.COM>
To: "TS Glassey" <tglassey at earthlink.net>
Cc: "Danny Mayer" <mayer at ntp.org>; <ntpwg at lists.ntp.org>; <dhcwg at ietf.org>; 
"Ted Lemon" <mellon at fugue.com>; "Richard Gayraud (rgayraud)" 
<rgayraud at cisco.com>
Sent: Sunday, November 25, 2007 11:52 AM
Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Optionsfor 
DHCPv6


> But we are not talking about anything to do with the security model,
> assurance or reliability. The question at hand is how to avoid abusive
> spamming of servers by persistent and pervasive clients.

OK, but that sounds like Integrity of Operations insurance to me, si?

Isn't the issue how to authenticate any control processes, since without 
this I can slam the servers with bad requests to make it unavailable to the 
legit users.

?????

Todd


>
> TS Glassey wrote:
>> Brian - "Likely" isn't something that auditors will let you resell as a 
>> commercial product. Likely means that the security model of NTP is 
>> broken. Time transfer MUST be assured and reliable or NTP is more of a 
>> curiosity than the key to everything many of us believe it to be.
>>
>> Todd Glassey
>>
>> ----- Original Message ----- 
>> From: "Brian Utterback" <Brian.Utterback at Sun.COM>
>> To: "Danny Mayer" <mayer at ntp.org>
>> Cc: <ntpwg at lists.ntp.org>; <dhcwg at ietf.org>; "Ted Lemon" 
>> <mellon at fugue.com>; "Richard Gayraud (rgayraud)" <rgayraud at cisco.com>
>> Sent: Sunday, November 25, 2007 4:49 AM
>> Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Optionsfor 
>> DHCPv6
>>
>>
>>
>>> Danny Mayer wrote:
>>>
>>>> Ted Lemon wrote:
>>>>
>>>>
>>>>
>>>>>   The problem you're afraid will happen is
>>>>> not going to happen.
>>>>>
>>>>>
>>>> You're too late. It already has. We are already in the situation that
>>>> we need to take defensive measures against existing errant NTP clients.
>>>>
>>>>
>>>>
>>> No it hasn't. AFAIK, there has not been a case of multitudes of clients
>>> that received NTP server IP addresses from DHCP spamming servers
>>> abusively for extended periods of time. My gut feel is that Ted is
>>> correct and that this is not likely to be a problem.
>>>
>>> However, the fact that we have had other situations develop into just
>>> such problems means that examining the proposal for potential abuse
>>> scenarios is worthwhile. Before we start looking for a compromise
>>> solution, perhaps we should look more closely at the problem.
>>>
>>> For instance, I don't see the problem as being any worse than an
>>> ntp.conf file that has the server given by an IP address. If you are
>>> going to restrict DHCP, perhaps we should consider not allowing IP
>>> addresses in the ntp.conf file. If you think that is absurd, then
>>> perhaps the DHCP restriction is absurd as well. Or perhaps not.
>>>
>>> Brian Utterback
>>> _______________________________________________
>>> ntpwg mailing list
>>> ntpwg at lists.ntp.org
>>> https://lists.ntp.org/mailman/listinfo/ntpwg
>>
> 


