[dhcwg] Re: [ntpwg] Digital Evidence Standards and a statement that this directly effects NTP and its use...

"TS Glassey" <tglassey@earthlink.net> Wed, 14 November 2007 14:57 UTC

Message-ID: <000f01c826ce$b4494bc0$6401a8c0@tsg1>
From: TS Glassey <tglassey@earthlink.net>
To: shane_kerr@isc.org
Date: Wed, 14 Nov 2007 06:57:37 -0800
Cc: ntpwg@lists.ntp.org, dhcwg@ietf.org
Subject: [dhcwg] Re: [ntpwg] Digital Evidence Standards and a statement that this directly effects NTP and its use...

----- Original Message ----- 
From: "Shane Kerr" <Shane_Kerr@isc.org>
To: "TS Glassey" <tglassey@earthlink.net>
Cc: <ntpwg@lists.ntp.org>; <dhcwg@ietf.org>
Sent: Wednesday, November 14, 2007 1:41 AM
Subject: Re: [ntpwg] Digital Evidence Standards and a statement that this 
directly effects NTP and its use...


> Todd,
>
> TS Glassey wrote:
>>
>> Google the actual ruling here:
>> http://www.google.com/search?q=lorraine+v+markel&rls=com.microsoft:en-us:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7GGLF
>
> A massive triumph of legal formalism over common sense, IMHO.

Yeah - I hear this same statement from Systems Administrators - the same 
bunch of guys and girls that keep failing those IT Security Audits... so I 
look to their commentary as their way of getting out of doing an honest day's 
work. If that statement offends you as much as a bunch of Systems 
Administrators trying to control the world of Information Security because 
they are too freaking lazy to 'do it right', well... you explain to me why 
so many folks fail those audits again and again ???

This ruling sets the world of the System Administrator on its arse and did 
so globally by eliminating the concept that there is no such thing as a 
digital original. In fact there is and the issue is that while document 
counterfeiting used to be more difficult, nowadays it is as easy as saying 
'cp file1-name counterfeit-file name'...

>
>> Bluntly, the world changed a tad on May 4th and while this effort is
>> pointed at the physics of operating NTP, these new controls impact any
>> work with any other Standardized Protocol as well... What this means to
>> people who NTP is a part of their commercial offering, is that they MUST
>> apply these new standards to this code and its support as well, or they
>> must use their own internal code bases rather than depending on one
>> here. I think this ruling re-set the bar height, and it is now much
>> higher - even for an Academic Entity. As to how this affects this WG, we
>> need to build tools that are capable of being used in these key
>> application contexts or this protocol will likely be ultimately replaced.
>
> I'm a little slow this morning... I can't figure out how this standard
> applies to NTP.

OK Shane, I personally think the ruling means that there are now 
requirements for tight and reliable evidence gathering and maintenance in 
all aspects of the use of something creating digital evidence, especially 
when those processes run automatically below the general control of the 
end-user... It sets a new bar-height for demonstrating the quality of the 
system and the security in place for its use. So in some senses it's NOT the 
NTP protocol itself but its use that is impacted. Certainly the integrity 
of the code management process will become a real issue.

For what it's worth this matter is before the US Appellate Court right now to 
get it advanced into real precedent "standard" from the persuasive precedent 
it is now and all concerned will need to understand this and comply with it.

> Can you explain what it means, from a protocol and a software point of
> view (plain English preferred, technical gibberish okay, no legalese
> please)?

1)    REAL reliable NTP user models MUST be developed. That means Use 
Statements and what the system will provide in the form of timestamps per 
second based on some baseline metric.

2)    A real TEST PLAN needs to exist for each program in the NTP Suite and 
that will be executed by the supporting party. It's MUCH better for the 
commercial relying parties if they don't develop the core of this TEST PLAN 
but rather just customize the one used to pre-certify the operations of NTP 
in their environment.

3)    The entity holding the Code Base will have to take full responsibility 
for that as well, meaning that they will become liable for screwups or 
damages that people suffer using the code.

4)    The "No warranty for fitness" language needs to be removed from the 
license IMHO, because if there is no accountability in the time transfer 
process there is no point in using it.

Hmmm- what would that mean for the ISC by the way? - could it step to the 
plate and put in place a secured and audited change control process and 
service? Could it and will it bear the expense of those?


Just my two cents.

Todd Glassey

>
> - --
> Shane

