[ntpwg] [dhcwg] Re: Network Time Protocol (NTP) OptionsforDHCPv6

TS Glassey tglassey at earthlink.net
Mon Nov 26 19:35:56 GMT 2007 

Ted if that is all you are doing here then lets also send this to the NEA 
people too...

Todd
----- Original Message ----- 
From: "Ted Lemon" <mellon at fugue.com>
To: <dhcwg at ietf.org>
Cc: <ntpwg at lists.ntp.org>; "Mark Andrews" <Mark_Andrews at isc.org>; "TS 
Glassey" <tglassey at earthlink.net>; "Richard Gayraud (rgayraud)" 
<rgayraud at cisco.com>
Sent: Monday, November 26, 2007 11:14 AM
Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) 
OptionsforDHCPv6


>> So let's say Acme Routers ships a router with a builtin DHCP server
>> which provides NTP server addresses to provide to the DHCP clients and
>> they put just one address in it.
>
> There simply is no defense against this.   If a vendor of a broadly- 
> distributed device does something stupid, someone gets shafted.
>
> You can write a requirement into the draft, and if they read it and 
> follow it, that's really great, but my experience is that people skim 
> drafts - they don't read them carefully.   They read carefully when 
> something breaks and they have to figure out what they did wrong, but  for 
> a case like this, it won't be obviously broken until there are  millions 
> of units in the field all providing the same information.
>
> So yes, by all means put a paragraph like this in the draft:
>
> DHCP servers MUST NOT contain a default or predefined value for the  NTP 
> option.   DHCP servers MUST NOT send an NTP option unless a value  has 
> been explicitly configured by an administrator or end user.
>
> The best defense you have against people doing this is that the NTP  mass 
> murder problem has made the news a couple of times, and people  have been 
> sued over it.   So a sensible vendor of SOHO equipment or  cable modems is 
> going to do the right thing, because they don't want  to get sued.
>
> Furthermore, CableLabs has a process for doing conformance testing, so  if 
> you want to be really sure that this never happens again, you  should work 
> with them to add this to their requirements and their  certification 
> process.   At that point, a device wouldn't be able to  be certified if it 
> did the wrong thing, and this would be a real and  meaningful protection 
> for you.
>
> But the main point that I keep making and that people keep ignoring is 
> that this problem is not solved by using a domain name in place of an  IP 
> address.   Using the domain name simply means that the place where  the 
> badness would occur is different.   It's still a problem for the  SOHO box 
> or cable modem to be preconfigured with a name like  "NTP.POMME.FR" - the 
> only difference is that in that case not only  will the NTP server at 
> NTP.POMME.FR get slammed, but also the name  server for NTP.POMME.FR will 
> get slammed.
>
> So my point is that whether we use an IP address or a domain name, the 
> same problem still occurs.   So the fact that the problem exists can't  be 
> used as a justification for using one over the other.
>

More information about the ntpwg mailing list