Re: [Ntp] NTP Security (was NTPv5: big picture)
Magnus Danielson <magnus@rubidium.se> Mon, 18 January 2021 21:28 UTC
Return-Path: <magnus@rubidium.se>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B8503A0B9F for <ntp@ietfa.amsl.com>; Mon, 18 Jan 2021 13:28:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.361
X-Spam-Level:
X-Spam-Status: No, score=-2.361 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rubidium.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jZw08-srhJkx for <ntp@ietfa.amsl.com>; Mon, 18 Jan 2021 13:28:51 -0800 (PST)
Received: from pio-pvt-msa1.bahnhof.se (pio-pvt-msa1.bahnhof.se [79.136.2.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24D813A0B91 for <ntp@ietf.org>; Mon, 18 Jan 2021 13:28:47 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by pio-pvt-msa1.bahnhof.se (Postfix) with ESMTP id 50DCC3F518; Mon, 18 Jan 2021 22:28:45 +0100 (CET)
Authentication-Results: pio-pvt-msa1.bahnhof.se; dkim=pass (2048-bit key; secure) header.d=rubidium.se header.i=@rubidium.se header.b="Ugv1qWH0"; dkim-atps=neutral
X-Virus-Scanned: Debian amavisd-new at bahnhof.se
Received: from pio-pvt-msa1.bahnhof.se ([127.0.0.1]) by localhost (pio-pvt-msa1.bahnhof.se [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QzLdfBhD-yQx; Mon, 18 Jan 2021 22:28:43 +0100 (CET)
Received: by pio-pvt-msa1.bahnhof.se (Postfix) with ESMTPA id C99DB3F4EB; Mon, 18 Jan 2021 22:28:42 +0100 (CET)
Received: from machine.local (unknown [192.168.0.15]) by magda-gw (Postfix) with ESMTPSA id 50BD59A0072; Mon, 18 Jan 2021 22:28:42 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=rubidium.se; s=rubidium; t=1611005322; bh=ihMJ/Qohwspdor+FnFrXjILSgot2TirCeG+wNuIycFc=; h=Cc:Subject:To:References:From:Date:In-Reply-To:From; b=Ugv1qWH04K6cDn0LgNxOjz0aoA1u3epc0Lw0VVuARYVpjIVdi4QyqpoE+iTF8IWDW PoBivb3WTh1Lma50UvN+I1FGMn+iN/eGelG9+oSTmGM2rTjSleI7jpaD5WPTLRvHML sUXCo4+AdNNbByT3VJ4YUj4CpKtl2Z38QB2pEH0xKe2QZ/tgEZAgJ7NH7CN9tFWGKC fHYPerTRNVI/hA2VoxwBQFe0bVqyN/TJJTrDUycRDAoDt++aTezzmHt9qhqje5M9T2 7++NLoGInXN0DaanaMYls6n1vgxgX8PiUtGJOZ6/9sP2qEc3w6sFymUtlRaMBlHtKc iuY9Urs0yNI7g==
Cc: magnus@rubidium.se, Miroslav Lichvar <mlichvar@redhat.com>, ntp@ietf.org
To: Kurt Roeckx <kurt@roeckx.be>
References: <20210118113806.33BBE40605C@ip-64-139-1-69.sjc.megapath.net> <c6fda979-0b3e-99fc-2dc5-25b7cde4c42b@rubidium.se> <20210118162517.GA2410317@localhost> <acdd42d0-9b58-4b26-0798-55a42bc0b6de@rubidium.se> <YAX6gJiREb2RE6Gs@roeckx.be>
From: Magnus Danielson <magnus@rubidium.se>
Message-ID: <c5378682-e03f-9e46-24d5-025eb4a57c05@rubidium.se>
Date: Mon, 18 Jan 2021 22:28:41 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0) Gecko/20100101 Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <YAX6gJiREb2RE6Gs@roeckx.be>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/TqkPoJK1K0kDCcZWrlUZx4dYWeA>
Subject: Re: [Ntp] NTP Security (was NTPv5: big picture)
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2021 21:28:56 -0000
Kurt, On 2021-01-18 22:15, Kurt Roeckx wrote: > On Mon, Jan 18, 2021 at 09:17:49PM +0100, Magnus Danielson wrote: >> Hi, >> >> On 2021-01-18 17:25, Miroslav Lichvar wrote: >>> On Mon, Jan 18, 2021 at 04:46:22PM +0100, Magnus Danielson wrote: >>>> 6) If verified time matches that of the initial handshake request (as >>>> updated using local time progess), then unauthenticated time in step 2 >>>> and 3 was valid, and thus the verification was valid and progress, else >>>> fail. >>>> >>>> So, we see how unauthenticated time can be used to bootstrap the >>>> handshake. Notice that this is not used to initiate node time, but only >>>> for that handshake. Only after things is secured, you accept time as >>>> being secured. >>> I don't quite follow. If A was compromised at some point, how do you >>> know you are not talking to the attacker intercepting your requests >>> and giving you old signatures? Isn't the whole point of the validity >>> period to prevent such attacks? If you don't know the current time, >>> how can you validate anything that's not supposed to be trusted >>> forever? >>> >> You actually do not trust the time you get initially. You validate it. >> If your DNSSEC is invalid because of time, then the DNSSEC does not >> validate. If your DNSSEC is invalid because false data, the DNSSEC does >> not validate. Then, if and only if DNSSEC validate, only then you get >> time but using the data-validated path, and only then you validate if >> the original time and the validated time match up. If they don't, then >> you do not trust either. If you can spoof the DNSSEC to validate, you >> are toast anyway, if you have put your trust there. > In case keys are compromised, an attacker can send you an invalid > initial time. That same attacker can create DNSSEC records, which > you're happy to validate with the wrong time. So now you think DNS > is working properly and ask for the time again, and still get the > wrong time. The DNSSEC records need to validate data-wise for the time-attack to do any good. The design goal was just to enable the DNSSEC validation to have good enough time for time-validation for bootstrap. > > As far as I know, this requires at least 2 things to be compromised: > Both DNSSEC and the X509 certificate. This is less likely than > just 1 being compromised, but still possible. It would at least > help that the DNSSEC and X509 certificate are not managed by the > same organization. For sure. If you have updated your basic DNSSEC key to be valid enough, DNSSEC validation should be difficult. At the time it is "broken" we are not alone to need the upgrade. > > The only options I see is: > 1) You have enough sources so that all being compromised is > unlikely enough for your use case. This can be things like: > - A battery to keep your clock > - A source of time that makes you a stratum 1 servers like a > GPS receiver. > - 1 or more ntp servers (using NTS) > - Other sources of time like roughtime Regular update that RTC. I've seen NTP fail because the RTC drifted away and was not maintained. > 2) The machine should trust something external: > - A human that sets the time correct > - An external DNS server that does DNSSEC validation for it, > and probably uses 1) itself. If you trust DNSSEC and that key-chain as well as trust the X.509 chain, then you put your core trust there. The bootstrap procedure I describe is to bootstrap out of the situation you do not trust your own time well enough. In fact, as you wake up, you also need to consider that your own local time can be at error, and you need to bootstrap out of that. You can test it through similar enough procedure, but if that fails, you need to bootstrap time from external source. Look at the DHS Resilient PNT common framework, already for Level 1 you need to be able to in the field be able to reset to "factory settings" to override any internal state that can be incorrect. It turns out from bitter experience, you can't trust that at all times. Once you done your homework, that's another story, and you need to maintain it just as with keys. Cheers, Magnus
- [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Kurt Roeckx
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Paul Gear
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTPv5: big picture Hal Murray
- [Ntp] CLOCK_TAI (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Kurt Roeckx
- [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Dieter Sibold
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Warner Losh
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture James Browning
- Re: [Ntp] NTPv5: big picture Daniel Franke
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] NTPv5: big picture James Browning
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Daniel Franke
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTPv5: big picture Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] NTPv5: big picture Daniel Franke
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Hal Murray
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Paul Gear
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Paul Gear
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Warner Losh
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Steve Allen
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… James
- [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (was NT… Ulrich Windl
- [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (was NT… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Hal Murray
- [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (was NT… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Magnus Danielson
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… FUSTE Emmanuel
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Hal Murray
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Magnus Danielson
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) James Browning
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) James
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) Harlan Stenn
- Re: [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) James Browning
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Mark Andrews
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Marcus Dansarie
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Doug Arnold
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Marcus Dansarie
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- [Ntp] Antw: [EXT] Re: NTP Security (was NTPv5: bi… Ulrich Windl