Hi …. and that paper references a whole raft of other papers. Until you dig down into each of them it’s not at all apparent what is being referred to in some sections. In some cases they are going back to things in the 1990’s. A lot has changed since then.
Bob > On Oct 24, 2015, at 3:50 PM, Magnus Danielson <mag...@rubidium.dyndns.org> > wrote: > > Bob, > > It was linked from the article. Some 18 pages of reading. Go and read it. I > will when I get the time... can somebody skew my time by skew my NTP? Just > read the article, it tells you how to pull it off. > > Cheers, > Magnus > > On 10/24/2015 03:02 PM, Bob Camp wrote: >> Hi >> >> Without the real paper(s) they are referencing, it’s impossible to evaluate >> what they >> are saying. In order to actually address their points, it will have to be >> done on a paper >> by paper basis. >> >> Bob >> >>> On Oct 24, 2015, at 6:36 AM, Florian Teply <use...@teply.info> wrote: >>> >>> Am Wed, 21 Oct 2015 22:54:15 -0700 >>> schrieb Rob Seaman <sea...@noao.edu>: >>> >>>> Mark Sims said: >>>> >>>>> Ars Technica just put up a piece on the effects of various attacks >>>>> on NTP with a link to the original paper. >>>>> >>>>> http://arstechnica.com/security/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/ >>>> >>>> >>>> The Network Time Foundation (through Harlan Stenn’s hard work) has >>>> already released a patch synchronized with the publication of the >>>> referenced paper from Boston University: >>>> >>>> http://nwtime.org/ntf-releases-ntp-security-patches-ntp-4-2-8p4/ >>>> >>>> Many of the comments on the Ars Technica piece are quite naive >>>> regarding timekeeping issues. This reflects an ongoing need for >>>> public education that Time-nuts as well as NTF can help supply. >>>> >>> In my opinion, it would be interesting to know if other implementations >>> are affected as well. >>> Until now, I've come across the ntp mentioned above, maintained by >>> the network time foundation. >>> But there's also openntpd, maintained by the OpenBSD guys, and ntimed >>> by PHK, which IIRC both claim to address security. Likely there afre >>> even more out there... >>> >>> But if I read that article on ars technica correctly, it looks like it >>> is something inherent to the ntp protocol itself and the definitions it >>> makes. >>> >>> Poul-Henning, would you care to comment on that for ntimed? >>> >>> Best regards, >>> Florian >>> _______________________________________________ >>> time-nuts mailing list -- time-nuts@febo.com >>> To unsubscribe, go to >>> https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts >>> and follow the instructions there. >> >> _______________________________________________ >> time-nuts mailing list -- time-nuts@febo.com >> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts >> and follow the instructions there. >> > _______________________________________________ > time-nuts mailing list -- time-nuts@febo.com > To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts > and follow the instructions there. _______________________________________________ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
