oss-sec mailing list archives
Re: tlsdate havoc ahead - default host randomizes tls timestamps
From: Florian Weimer <fweimer () redhat com>
Date: Fri, 24 Apr 2015 09:50:11 +0200
On 04/23/2015 05:37 PM, Hanno Böck wrote:
> And there is some work done in the IETF to create a secure version of ntp:
> https://tools.ietf.org/html/draft-ietf-ntp-network-time-security-08
> https://tools.ietf.org/html/draft-ietf-ntp-cms-for-nts-message-03
> https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-00

I've been arguing to replace the custom security protocol they have invented with DTLS. The discussion is happening on the IETF NTP working group mailing list:

<http://lists.ntp.org/listinfo/ntpwg>

(Note: somewhat unusual for IETF lists, it's moderated, for first-time posters at least.)

--
Florian Weimer / Red Hat Product Security