On 2023-12-03 03:22, Hal Murray via devel wrote:
> I'm working on devel-TODO-NTS. (mostly deleting things)
>
> Currently, if a bad guy hacks or arm-twists a certificate authority, they can
> sign a certificate that the bad guy can use for a MITM attack.

Yes, that's how the CA ecosystem works. That is absolutely a threat.
Keep in mind that if a CA gets caught doing that, they will get the CA
death penalty, ending their money printing business. CAA records and
Certificate Transparency are also mitigations of this threat.

> We can make that a lot harder if we look up the current root certificate that a
> server is currently using, find that certificate in a system's root cert
> collection, and add a ca xxx to the server line. That doesn't take any
> changes to ntpd.

If that's a thing you want to do on your system, you can. IMHO, it's not
something that we particularly need to promote, nor would I find it
desirable operationally. If my NTP server changes their CA provider,
then I won't be able to talk to them any more until I take manual action
to adjust the pin.

> Is that called pinning? If not, is there a term for it?

Wiki has a page for a related proposal:
https://en.wikipedia.org/wiki/Certificate_pinning

It sounds like pinning to me, at least a form of the general idea.

--
Richard