[dhcwg] Re: [ntpwg] Digital Evidence Standards and a statement that this directly effects NTP and its use...
"TS Glassey" <tglassey@earthlink.net> Wed, 14 November 2007 14:57 UTC
Return-path: <dhcwg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IsJga-0005Sz-2a; Wed, 14 Nov 2007 09:57:48 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IsJgY-0005SA-Em for dhcwg@ietf.org; Wed, 14 Nov 2007 09:57:46 -0500
Received: from elasmtp-dupuy.atl.sa.earthlink.net ([209.86.89.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IsJgU-0001b0-DB for dhcwg@ietf.org; Wed, 14 Nov 2007 09:57:46 -0500
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=IN7ZRDQmyxL0wyVRmQkxSqVjJUD/t22TNs1ow17rbyL2qMLCZYc943b9WZ2Qc7dt; h=Received:Message-ID:From:To:Cc:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP;
Received: from [24.23.176.93] (helo=tsg1) by elasmtp-dupuy.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1IsJgT-0005SA-1N; Wed, 14 Nov 2007 09:57:41 -0500
Message-ID: <000f01c826ce$b4494bc0$6401a8c0@tsg1>
From: TS Glassey <tglassey@earthlink.net>
To: shane_kerr@isc.org
References: <A05118C6DF9320488C77F3D5459B17B7062ED3C6@xmb-ams-333.emea.cisco.com><4733482A.7020302@sun.com><A05118C6DF9320488C77F3D5459B17B70634E4E5@xmb-ams-333.emea.cisco.com><4735A243.6090905@sun.com> <47368636.3070007@udel.edu><4736F7A7.2090707@sun.com> <473736A7.5000801@udel.edu><47387778.4030702@sun.com> <47391B04.8080202@udel.edu> <006801c82641$cd256990$6401a8c0@tsg1> <473AC2CA.2080509@isc.org>
Date: Wed, 14 Nov 2007 06:57:37 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-ELNK-Trace: 01b7a7e171bdf5911aa676d7e74259b7b3291a7d08dfec79efc464e1a1329cd30a6393c93a2d9284350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 24.23.176.93
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5ebbf074524e58e662bc8209a6235027
Cc: ntpwg@lists.ntp.org, dhcwg@ietf.org
Subject: [dhcwg] Re: [ntpwg] Digital Evidence Standards and a statement that this directly effects NTP and its use...
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Errors-To: dhcwg-bounces@ietf.org
----- Original Message ----- From: "Shane Kerr" <Shane_Kerr@isc.org> To: "TS Glassey" <tglassey@earthlink.net> Cc: <ntpwg@lists.ntp.org>; <dhcwg@ietf.org> Sent: Wednesday, November 14, 2007 1:41 AM Subject: Re: [ntpwg] Digital Evidence Standards and a statement that this directly effects NTP and its use... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Todd, > > TS Glassey wrote: >> >> Google the actual ruling here: >> http://www.google.com/search?q=lorraine+v+markel&rls=com.microsoft:en-us:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7GGLF > > A massive triumph of legal formalism over common sense, IMHO. Yeah - I hear this same statement from Systems Administrator's - the same buch of guys and girls that keep failing those IT Security Audits... so I look to their commentary as their way of getting out of doing a honest day's work. If that statement offfends you as much as a buch of Systems Administrator's trying to control the world of Information Security becuase they are too freaking lazy to 'do it right', well... you explain to me why so many folks fail those audits again and again ??? This ruling sets the world of the System Administrator on its arse and did so globally by eliminating the concept that there is no-such thing as a digital original. In fact there is and the issue is that while document conterfeiting used to be more difficult, now a days it is as easy as saying 'cp file1-name counterfeit-file name'... > >> Bluntly, the world changed a tad on May 4th and while this effort is >> pointed >> at the physics of operating NTP, these new controls impact any work with >> any >> other Standardized Protocol as well... What this means to people who NTP >> is >> a part of their commercial offering, is that they MUST apply these new >> standards to this code and its support as well, or they must use their >> own >> internal code-base's rather than depending on one here. I think this >> ruling >> re-set the bar heighth, and it is now much higher - even for an Academic >> Entity. As to how this effects this WG, we need to build tools that are >> capable of being used in these key application contexts or this protocol >> will likely be ultimately replaced. > > I'm a little slow this morning... I can't figure out how this standard > applies > to NTP. OK Shane, I personally think the ruling means that there are now requirement's for tight and reliable evidence ganthering and maintanence in all aspects of the use of something creating digital evidence, especially when those processes run automatically below the general control of the end-user... It sets a new bar-height for demonstrating the quality of the system and the security in place for its use. So in some senses its NOT the NTP protocol itslef but its use that are impacted. Certianly the integrity of the code management process will become a real issue. For what its worth this matter is before the US Appellate Court right now to get it advanced into real precedent "standard" from the persusave precedent it is now and all concerned will need to understand this and comply with it. > Can you explain what it means, from a protocol and a software point of > view (plain English preferred, technical gibberish okay, no legalese > please)? 1) REAL reliable NTP user models MUST be developed. That means Use Statment's and what the system will provide in the form of timestamps per second based on some baseline metric. 2) A real TEST PLAN needs to exist for each program in the NTP Suite and that will be executed by the supporting party. Its MUCH better for the commercial relying parties if they dont develop the core of this TEST PLAN but rather just customize the one used to pre-certify the operations of NTP in their environment. 3) The entity holding the Code Base will have to take full responsibility for that as well, meaning that they will become liable for screwup's or damages that people suffer using the code. 4) The "No warranty for fitness" language needs to be removed from the license IMHO, because if there is no accountability in the time transfer process there is no point in using it. Hmmm- what would that mean for the ISC by the way? - could it step to the plate and put in place a secured and audited change control process and service? Could it and will it bear the expense of those? Just my two cents. Todd Glassey > > - -- > Shane > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHOsLAMsfZxBO4kbQRAk8uAKCjfp0XvQUKcCat2oBvUDOBgZ39fwCfWtcN > 5ejJMaSb3blH3h/9kohaioo= > =4DDy > -----END PGP SIGNATURE----- _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Network Time Protocol (NTP) Options for D… Benoit Lourdelet (blourdel)
- [dhcwg] RE: [ntpwg] Network Time Protocol (NTP) O… Benoit Lourdelet (blourdel)
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Bud Millwood
- [dhcwg] Re: [ntpwg] Digital Evidence Standards an… Shane Kerr
- [dhcwg] RE: [ntpwg] Network Time Protocol (NTP) O… Mark Elliot
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… Harlan Stenn
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… Brian Utterback
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… Brian Utterback
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… David L. Mills
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… Brian Utterback
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… David L. Mills
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… TS Glassey
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… Brian Utterback
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… David L. Mills
- [dhcwg] Digital Evidence Standards and a statemen… TS Glassey
- [dhcwg] Re: [ntpwg] Digital Evidence Standards an… TS Glassey
- [dhcwg] Re: Digital Evidence Standards and a stat… David L. Mills
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Ted Lemon
- [dhcwg] Re: [ntpwg] Network Time Protocol (NTP) O… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Ralph Droms
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… David W. Hankins
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… David L. Mills
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Ted Lemon
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Brian Utterback
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Brian Utterback
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Ted Lemon
- RE: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Benoit Lourdelet (blourdel)
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… David W. Hankins
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… David W. Hankins
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… David W. Hankins
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Ralph Droms
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David L. Mills
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David L. Mills
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Harlan Stenn
- RE: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Benoit Lourdelet (blourdel)
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Mark Stapp
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David W. Hankins
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David W. Hankins
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David L. Mills
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David L. Mills
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Mark Andrews
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Mark Andrews
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Mark Andrews
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Bud Millwood
- RE: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Benoit Lourdelet (blourdel)
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… M. Warner Losh
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- RE: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Benoit Lourdelet (blourdel)
- RE: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… anthony.flavin
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… David W. Hankins
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… David W. Hankins
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David W. Hankins
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Mark Stapp
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… TS Glassey
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David L. Mills
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David L. Mills
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brian Utterback
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… David W. Hankins
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Mark Stapp
- Re: [dhcwg] Re: [ntpwg] Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David L. Mills
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brad Knowles
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Danny Mayer
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Hal Murray
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brad Knowles
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brad Knowles
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- RE: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… anthony.flavin
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… David W. Hankins
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Josh Littlefield
- RE: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Brzozowski, John
- Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Ted Lemon
- Re: [dhcwg] Network Time Protocol (NTP) Options f… Bud Millwood
- Re: [dhcwg] Network Time Protocol (NTP) Options f… Mark Stapp
- Re: [dhcwg] Network Time Protocol (NTP) Options f… Ted Lemon
- RE: [ntpwg] [dhcwg] Re: Network Time Protocol (NT… Woundy, Richard
- Re: [dhcwg] Network Time Protocol (NTP) Options f… Danny Mayer
- RE: [ntpwg] [dhcwg] Network Time Protocol (NTP) O… Richard Gayraud (rgayraud)
- Re: [ntpwg] [dhcwg] Network Time Protocol (NTP) O… Brian Utterback
- Re: [ntpwg] [dhcwg] Network Time Protocol (NTP) O… Brad Knowles
- RE: [ntpwg] [dhcwg] Network Time Protocol (NTP) O… anthony.flavin
- Re: [ntpwg] [dhcwg] Network Time Protocol (NTP) O… Danny Mayer