Re: [Ntp] NTP Security (was NTPv5: big picture)

Hal Murray <hmurray@megapathdsl.net> Sun, 17 January 2021 01:34 UTC

To: Watson Ladd <watsonbladd@gmail.com>
cc: Hal Murray <hmurray@megapathdsl.net>, NTP WG <ntp@ietf.org>
From: Hal Murray <hmurray@megapathdsl.net>
In-Reply-To: Message from Watson Ladd <watsonbladd@gmail.com> of "Sat, 16 Jan 2021 11:02:32 PST." <CACsn0cm=d3z+ceTDMaw2LDHg_AeNoxbs411iEFNpGpnWcyvZvw@mail.gmail.com>
Date: Sat, 16 Jan 2021 17:34:52 -0800
Message-Id: <20210117013452.498EF40605C@ip-64-139-1-69.sjc.megapath.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/2TpXPHuUlF_WhT1zCTbDUPXzELQ>
Subject: Re: [Ntp] NTP Security (was NTPv5: big picture)

watsonbladd@gmail.com said:
> I'd like to see some input from people who operate the pool on what solutions
> would work for them. Right now we're sort of flying blind. Perhaps we can
> discuss at IETF 110? 

I think there are 2 levels to discuss.  One is technical.  If I have something 
like the pool, how can I distribute the information about which systems are 
"in the pool" from pool-central to pool clients in a secure way that allows 
clients to verify that they are talking to the specified server.

The other is how to set up a system run by many, many volunteers so that you 
only get "good" volunteers.

Until we solve the second problem, I think discussing the technical issues is 
misleading.


-- 
These are my opinions.  I hate spam.