Re: [Ntp] NTP Security (was NTPv5: big picture)
FUSTE Emmanuel <emmanuel.fuste@thalesgroup.com> Tue, 19 January 2021 09:52 UTC
Return-Path: <emmanuel.fuste@thalesgroup.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44BC63A13DD for <ntp@ietfa.amsl.com>; Tue, 19 Jan 2021 01:52:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.632
X-Spam-Level:
X-Spam-Status: No, score=-2.632 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.262, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=thalesgroup.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29ECp132upsa for <ntp@ietfa.amsl.com>; Tue, 19 Jan 2021 01:52:39 -0800 (PST)
Received: from thsbbfxrt01p.thalesgroup.com (thsbbfxrt01p.thalesgroup.com [192.54.144.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B8A43A13D9 for <ntp@ietf.org>; Tue, 19 Jan 2021 01:52:39 -0800 (PST)
Received: from thsbbfxrt01p.thalesgroup.com (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 4DKkTx59rxz45K3 for <ntp@ietf.org>; Tue, 19 Jan 2021 10:52:37 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thalesgroup.com; s=xrt20181201; t=1611049957; bh=5zH0cU23Dj14LIv0camaDx5CGEfQDVbkiD+DFSuv6nI=; h=From:To:Subject:Date:Message-ID:References:In-Reply-To: Content-Transfer-Encoding:MIME-Version:From; b=m3zdvu/QSX1RVqZZpHLk1hoNBDLtdY19Eq3elbGxW07C1nETB5bT9q1tJbsU7VoBX RhbG324tWy3ik4ZlPu/uCQO+2lK0Nuu4MWtw1lhxUKFDLeWBEXbFljTDVB/YdFGz3j ULveuLYpdDpOxS04fFLkCtnmfyF+sxChihaAS6Yf4CclUTJrVUcGPlnllP13Y7/Q7i xJO/QYXszudDg8Bx47z0lDz+f433hlWapYemiEGPKWsjBQcF1I78TtACN1oT+nEtE8 2+wR5ADJCS+bW6iNK1PsgsJGLcKWARWrSn1RXmCgf5FC4mryBibCzSThjPuSmdz/G8 T3jP5Jklek2AA==
From: FUSTE Emmanuel <emmanuel.fuste@thalesgroup.com>
To: "ntp@ietf.org" <ntp@ietf.org>
Thread-Topic: [Ntp] NTP Security (was NTPv5: big picture)
Thread-Index: AQHW7Y5jCWcm9A+sZEOhE3CV1WddQKotdkMAgAAK4ICAAED4gIAAEC4AgADTdoA=
Date: Tue, 19 Jan 2021 09:52:36 +0000
Message-ID: <1d7cd21a-29db-49eb-ebff-3e5edc5b3121@thalesgroup.com>
References: <20210118113806.33BBE40605C@ip-64-139-1-69.sjc.megapath.net> <c6fda979-0b3e-99fc-2dc5-25b7cde4c42b@rubidium.se> <20210118162517.GA2410317@localhost> <acdd42d0-9b58-4b26-0798-55a42bc0b6de@rubidium.se> <YAX6gJiREb2RE6Gs@roeckx.be>
In-Reply-To: <YAX6gJiREb2RE6Gs@roeckx.be>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
x-pmwin-version: 4.0.3, Antivirus-Engine: 3.79.0, Antivirus-Data: 5.81
Content-Type: text/plain; charset="utf-8"
Content-ID: <E081772F65E61345859F4CBB42A762E4@iris.infra.thales>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/gQCz66DfukSkhrFBsLAlWilaZrk>
Subject: Re: [Ntp] NTP Security (was NTPv5: big picture)
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jan 2021 09:52:41 -0000
Le 18/01/2021 à 22:15, Kurt Roeckx a écrit : > On Mon, Jan 18, 2021 at 09:17:49PM +0100, Magnus Danielson wrote: >> Hi, >> >> On 2021-01-18 17:25, Miroslav Lichvar wrote: >>> On Mon, Jan 18, 2021 at 04:46:22PM +0100, Magnus Danielson wrote: >>>> 6) If verified time matches that of the initial handshake request (as >>>> updated using local time progess), then unauthenticated time in step 2 >>>> and 3 was valid, and thus the verification was valid and progress, else >>>> fail. >>>> >>>> So, we see how unauthenticated time can be used to bootstrap the >>>> handshake. Notice that this is not used to initiate node time, but only >>>> for that handshake. Only after things is secured, you accept time as >>>> being secured. >>> I don't quite follow. If A was compromised at some point, how do you >>> know you are not talking to the attacker intercepting your requests >>> and giving you old signatures? Isn't the whole point of the validity >>> period to prevent such attacks? If you don't know the current time, >>> how can you validate anything that's not supposed to be trusted >>> forever? >>> >> You actually do not trust the time you get initially. You validate it. >> If your DNSSEC is invalid because of time, then the DNSSEC does not >> validate. If your DNSSEC is invalid because false data, the DNSSEC does >> not validate. Then, if and only if DNSSEC validate, only then you get >> time but using the data-validated path, and only then you validate if >> the original time and the validated time match up. If they don't, then >> you do not trust either. If you can spoof the DNSSEC to validate, you >> are toast anyway, if you have put your trust there. > In case keys are compromised, an attacker can send you an invalid > initial time. That same attacker can create DNSSEC records, which > you're happy to validate with the wrong time. So now you think DNS > is working properly and ask for the time again, and still get the > wrong time. The lying time windows will not be very huge to continue to be valid for all the chain. It will so be valid for the other configured servers and you want to configure multiple ones and eject bad ones the standard way. Validating reverse DNS records is a good thing too, as the two are managed generally by different organization and definitively use another trust chain and key. For the pool, with what I have in mind with DANE and DNSSEC, you will have the trust dispatched between the DNS hierarchy of the pool, the DNS hierarchy of each participant and a simple x509 authority operated by the pool and published in a DANE record. Why not a "classic" public authority ? Mainly for the bootstrapping problem as you don't have to distribute the authority certificate chain to the clients, and on a very personal point of view because I consider this external "moral" authority trust model broken. Anyway compromised machine will still be compromised and dealt as usual. This and all the local possible trusting possibilities options/policies (RTC, trusted sources like GPS/GNSS, human validation etc...) permit a very robust time trust model. Emmanuel.
- [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Kurt Roeckx
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Paul Gear
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTPv5: big picture Hal Murray
- [Ntp] CLOCK_TAI (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Kurt Roeckx
- [Ntp] Antw: Re: Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Dieter Sibold
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Warner Losh
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture James Browning
- Re: [Ntp] NTPv5: big picture Daniel Franke
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] NTPv5: big picture James Browning
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTPv5: big picture Daniel Franke
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTPv5: big picture Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] NTPv5: big picture Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Doug Arnold
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Hal Murray
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTPv5: big picture Salz, Rich
- Re: [Ntp] NTPv5: big picture Daniel Franke
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTPv5: big picture Philip Prindeville
- [Ntp] Antw: [EXT] Re: NTPv5: big picture Ulrich Windl
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Philip Prindeville
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Hal Murray
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Paul Gear
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Paul Gear
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Philip Prindeville
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: big p… Ulrich Windl
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Warner Losh
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Doug Arnold
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Steve Allen
- Re: [Ntp] CLOCK_TAI (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… James
- [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (was NT… Ulrich Windl
- [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (was NT… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Hal Murray
- [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (was NT… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Hal Murray
- Re: [Ntp] Antw: [EXT] Re: CLOCK_TAI (was NTPv5: b… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Magnus Danielson
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Martin Burnicki
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… FUSTE Emmanuel
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Hal Murray
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… Magnus Danielson
- Re: [Ntp] Antw: Re: Antw: [EXT] Re: CLOCK_TAI (wa… FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) James Browning
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) James
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) Harlan Stenn
- Re: [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) James Browning
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Hal Murray
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Mark Andrews
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Marcus Dansarie
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Doug Arnold
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) Kurt Roeckx
- Re: [Ntp] NTP Security (was NTPv5: big picture) Salz, Rich
- Re: [Ntp] NTP Security (was NTPv5: big picture) Miroslav Lichvar
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Philip Prindeville
- Re: [Ntp] NTP Security (was NTPv5: big picture) Watson Ladd
- Re: [Ntp] NTP Security (was NTPv5: big picture) FUSTE Emmanuel
- Re: [Ntp] NTP Security (was NTPv5: big picture) Marcus Dansarie
- Re: [Ntp] NTP Security (was NTPv5: big picture) Magnus Danielson
- [Ntp] Antw: [EXT] Re: NTP Security (was NTPv5: bi… Ulrich Windl