Re: [Ntp] NTP Security (was NTPv5: big picture)
Magnus Danielson <magnus@rubidium.se> Tue, 19 January 2021 12:25 UTC
Return-Path: <magnus@rubidium.se>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFD453A14AB for <ntp@ietfa.amsl.com>; Tue, 19 Jan 2021 04:25:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.361
X-Spam-Level:
X-Spam-Status: No, score=-2.361 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rubidium.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TyidcuhQu93w for <ntp@ietfa.amsl.com>; Tue, 19 Jan 2021 04:24:55 -0800 (PST)
Received: from ste-pvt-msa2.bahnhof.se (ste-pvt-msa2.bahnhof.se [213.80.101.71]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F4413A1425 for <ntp@ietf.org>; Tue, 19 Jan 2021 04:24:52 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by ste-pvt-msa2.bahnhof.se (Postfix) with ESMTP id 9EAAA3F549; Tue, 19 Jan 2021 13:24:50 +0100 (CET)
Authentication-Results: ste-pvt-msa2.bahnhof.se; dkim=pass (2048-bit key; unprotected) header.d=rubidium.se header.i=@rubidium.se header.b=jEQ8e/8h; dkim-atps=neutral
X-Virus-Scanned: Debian amavisd-new at bahnhof.se
Authentication-Results: ste-ftg-msa2.bahnhof.se (amavisd-new); dkim=pass (2048-bit key) header.d=rubidium.se
Received: from ste-pvt-msa2.bahnhof.se ([127.0.0.1]) by localhost (ste-ftg-msa2.bahnhof.se [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S3F_JqnmQXMn; Tue, 19 Jan 2021 13:24:49 +0100 (CET)
Received: by ste-pvt-msa2.bahnhof.se (Postfix) with ESMTPA id B9FB13F3AA; Tue, 19 Jan 2021 13:24:48 +0100 (CET)
Received: from machine.local (unknown [192.168.0.15]) by magda-gw (Postfix) with ESMTPSA id D856E9A0081; Tue, 19 Jan 2021 13:24:47 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=rubidium.se; s=rubidium; t=1611059087; bh=uX7JGB2acQMoTxWX52gcJ2NTqak4HmwbZo5aQqOhHW4=; h=Cc:Subject:To:References:From:Date:In-Reply-To:From; b=jEQ8e/8hmAY2wU0USio+ObbMEhd4ArjchvmCoobhFKkOwCVXyxQGx7h4d+D6ybO5C jZSm5HHE4awwZqEBZ28EMoIzTFTLE8mSMQXKIBBVYQuSDQi/qnxxO9gtZ34vJya2JY m7DqQaazmlvHDRd/85l6xWaO4AHP0VxHVdv2hrxHN9JYynGcISSN0nI0QK00stB2Z2 Z8JK5RFoiJL1i0raCxvmXAYdkcj/0BAB5/p9CVzrlYOahIvadXNp2Qk+IZfxIPLfW3 dQ5MOygg4AS80ZE3s2vI8cBEkzfV8VjN5WgfPqEAKE0dQXGVFlOR9UfF5L/S/h2HCM GZ1kYmf7RVixA==
Cc: magnus@rubidium.se, Kurt Roeckx <kurt@roeckx.be>, ntp@ietf.org
To: Miroslav Lichvar <mlichvar@redhat.com>
References: <20210118113806.33BBE40605C@ip-64-139-1-69.sjc.megapath.net> <c6fda979-0b3e-99fc-2dc5-25b7cde4c42b@rubidium.se> <20210118162517.GA2410317@localhost> <acdd42d0-9b58-4b26-0798-55a42bc0b6de@rubidium.se> <YAX6gJiREb2RE6Gs@roeckx.be> <c5378682-e03f-9e46-24d5-025eb4a57c05@rubidium.se> <20210119094217.GB2430794@localhost>
From: Magnus Danielson <magnus@rubidium.se>
Message-ID: <68c0d807-2290-3c44-d760-35306af20434@rubidium.se>
Date: Tue, 19 Jan 2021 13:24:37 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0) Gecko/20100101 Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <20210119094217.GB2430794@localhost>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/16MrOzGkoDk378aPXQ5YtQ10i-o>
Subject: Re: [Ntp] NTP Security (was NTPv5: big picture)
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jan 2021 12:25:05 -0000
Hi, On 2021-01-19 10:42, Miroslav Lichvar wrote: > On Mon, Jan 18, 2021 at 10:28:41PM +0100, Magnus Danielson wrote: >> On 2021-01-18 22:15, Kurt Roeckx wrote: >>> In case keys are compromised, an attacker can send you an invalid >>> initial time. That same attacker can create DNSSEC records, which >>> you're happy to validate with the wrong time. So now you think DNS >>> is working properly and ask for the time again, and still get the >>> wrong time. >> The DNSSEC records need to validate data-wise for the time-attack to do >> any good. The design goal was just to enable the DNSSEC validation to >> have good enough time for time-validation for bootstrap. > I think the point is that you cannot bootstrap secure time out of > nothing. That's a conjecture, yet to be proven. > You either do full validation using some trusted time source > (e.g. RTC), or you don't. RTC is not a trusted time source. I can be just as much a false-ticker as any source you see. Do not trust the RTC to be near true time, it's failed before and it will fail again. It's just another source of time, it can be helpful to bootstrap things, but until validated you do not trust it. This is really about doing a trust analysis. We seem to accept that we can trust the authenticity of messages we get through DNSSEC validation. We seem to accept that we can trust the authenticity of messages we get through X.509 and NTS validation. Both these is data validity. Now, to bootstrap things, we need time to achieve the DNSSEC validation, but we say we do not trust the time until we achieved both DNSSEC and NTS validation. So, if we acquire a time-stamp from what should be an authentic time-source, without authentication being done, we can first see if that checks out through the data validation part, which does not require precise time. As we then have gone through both data validations we then say that we trust the data of time, and using this we validate the original time-stamp to see if that is consistent. If we can also after the fact authenticate that time-stamp data-wise, so much better. In this process we only assumed that the original timestamp was valid durign the data-validation phase, and we already stated that we trust the data validation part, and later test that assumption. Now, regardless of which time-source led you astray, on the network or local as the RTC, you must have a way to get away from that. If you have local time source which pass the test of being valid, then it can be used to speed things up, but whenever you put too high trust in something that may lie to you, you end up in a dead-lock situation. Treat the RTC as a read-cache. It may be valid and help you, but that's about that. The trick I used was that I did not trust any time, but I did trust the data. If the initial time (really regardless where you get it) does not make data validate, this could be because either the time or the data is incorrect, or indeed both but not consistent. If we manage to get through the trust loop of the data (potentially lying with the time to make the DNSSEC validation check out even if it should be invalid), we have yet not proved something. Now, then the independent data check of the X.509 NTS path validate the data of the timing, again. Using DANE we can provide a hand-off between DNSSEC and X.509 path that also needs to be correct and valid, and again more data-trust that needs to be there. Only as we built this data-trust and combine that we attain a time-stamp we trust in data, and then we use that to check the validity of the original time given. If consistent within some reasonable time (and here we need to compensate for elapsed time naturally), and the process took reasonable time, the trusted time we got helps in the end. Now, this is jumping a bunch of loops in a strange way. Notice that the time taken initial is not set as node time at all, it's just a timestamp we use for the other processing as an assumed correct time to see if it all checks out. If you want to be really careful you run the process again but now with the trusted time, but since you already checked the original first time was consistent with what came out validated, it ends up being the same thing. Then, you should do this to all your time-sources and do the normal validation of trust in time that way too. But, if you do your tricks properly, you can indeed pull your bunny out of an empty hat. If someone compromise both the DNSSEC and X.509 path, it's game over. We are not alone in that fight, but rather we use the same tools and their development further to also acquire some confidence in the time we get. Throughout the discussion, the ability to validate the root certificates for DNSSEC and X.509 is assumed. Those public keys needs to be updated regular enough. Failure to validate would indicate that those keys could be out of date. > It doesn't matter if multiple systems are > involved and their data seem consistent with each other. > > Even if we assume the attacker didn't manipulate the DNS(SEC) records, > there is a possibility the name or address is no longer under the > control of the original owner when those records were valid. In the > pool that happens frequently. > This comes into how we disseminate the trust in particular boxes. That's a separate issue, albeit we should also talk about that. There is those I trust more over others. My choices there will not be the same as the next guy. For NTP pool that much more an issue than specific known servers. I aimed to solve the problem of how to bootstrap getting time to a server we assume to be trusted in the first place, but we might not trust that we get all the right pieces from what looks to be it. I think the sub-problem is solved, the other pieces is outside of that scope. Do not overly trust your RTC. Cheers, Magnus
- [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Kurt Roeckx
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Paul Gear
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTPv5: big picture Hal Murray
- [Ntp] CLOCK_TAI (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Kurt Roeckx
- [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Dieter Sibold
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Warner Losh
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture James Browning
- Re: [Ntp] NTPv5: big picture Daniel Franke
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] NTPv5: big picture James Browning
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Daniel Franke
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTPv5: big picture Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] NTPv5: big picture Daniel Franke
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Hal Murray
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Paul Gear
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Paul Gear
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Warner Losh
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Steve Allen
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… James
- [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (was NT… Ulrich Windl
- [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (was NT… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Hal Murray
- [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (was NT… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Magnus Danielson
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… FUSTE Emmanuel
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Hal Murray
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Magnus Danielson
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) James Browning
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) James
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) Harlan Stenn
- Re: [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) James Browning
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Mark Andrews
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Marcus Dansarie
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Doug Arnold
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Marcus Dansarie
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- [Ntp] Antw: [EXT] Re: NTP Security (was NTPv5: bi… Ulrich Windl