[pkg-ntp-maintainers] Bug#687166: Bug#687166: ntp: NTP security vulnerability because not using authentication by default
Kurt Roeckx
kurt at roeckx.be
Mon Sep 10 16:51:57 UTC 2012
On Mon, Sep 10, 2012 at 06:18:42PM +0200, Nico Golde wrote:
> Hi,
> * Ask Bjørn Hansen <ask at ntppool.org> [2012-09-10 18:03]:
> > On Sep 10, 2012, at 8:13, Nico Golde <nion at debian.org> wrote:
> > [Adding NTP authentication]
> >
> > We could set up a set of servers with authentication, but that'd be a much
> > smaller list of servers (for better and worse). It wouldn't be like the
> > current NTP Pool at all.
> >
> > Next would be to add DNSSEC to the DNS (which is non-trivial with the
> > current zone and the current resources; at peaks the DNS servers get 20-30k
> > qps and each response is different so you have to sign in "real-time".).
> >
> > If there's a need and resources, I could run a zone with DNSSEC and with
> > autokey configured, but it'd not be possible in the "open source"/"everyone
> > volunteers a resource or two" scheme.
>
> Wouldn't it still make sense to have a zone configured with autokey even
> without DNSSEC? Or is an active attacker bombarding the victim with faked NTP
> responses without spoofed DNS not an issue at all, so all this matters *only*
> if DNS is spoofed?
Autokey does several things, the most important of those is to
authenticate the peer you're talking to.
I don't see DNSSEC adding anything useful if autokey is used,
unless we also want to distribute the public keys via DNS.
Kurt
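To make concrete what "authenticate the peer you're talking to" buys against the active attacker Nico describes (forged NTP replies, no DNS spoofing involved), here is an added example that is not part of this thread, of ntpd, or of the NTP Pool. It uses NTPv4's symmetric-key MAC scheme (RFC 5905 Appendix A: 32-bit key ID plus a keyed MD5 digest over the 48-byte header) rather than Autokey, because the rejection logic is the same in spirit and far shorter. The key ID 42, the shared secret, the timestamps and the scenarios are all constructed for the example.

```python
"""Symmetric-key NTP reply authentication (RFC 5905 Appendix A).

Added example, not ntpd or NTP Pool code. A client that requires a MAC
under a trusted key drops forged replies from an on-path attacker who
lacks the shared secret, whether or not DNS was spoofed.
"""
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48          # fixed NTPv4 header, RFC 5905 section 7.3
MD5_MAC_LEN = 4 + 16         # 32-bit key ID followed by a 16-byte MD5 digest

# Constructed trusted-key table. In ntpd this lives in the keys file
# (e.g. /etc/ntp.keys) with usable IDs listed under "trustedkey".
TRUSTED_KEYS = {42: b"constructed-shared-secret"}


def build_header(li_vn_mode, stratum, xmit_ts, ref_id=b"LOCL"):
    """Pack a minimal 48-byte NTPv4 header; unused fields are zero."""
    poll, precision, root_delay, root_disp = 6, -20, 0, 0
    ref_ts = orig_ts = recv_ts = 0
    return (struct.pack("!BBbb", li_vn_mode, stratum, poll, precision)
            + struct.pack("!II", root_delay, root_disp)
            + ref_id
            + struct.pack("!QQQQ", ref_ts, orig_ts, recv_ts, xmit_ts))


def mac_for(key, header):
    """Keyed MD5 as ntpd computes it: digest over key || header (not HMAC)."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id):
    """Append key ID and MAC; only a holder of the shared secret can do this."""
    key = TRUSTED_KEYS[key_id]
    return header + struct.pack("!I", key_id) + mac_for(key, header)


def verify(packet):
    """Decide like a client configured with 'server ... key 42'.
    Returns (accepted, reason); anything without a valid MAC under a
    trusted key is rejected."""
    if len(packet) < NTP_HEADER_LEN:
        return False, "short packet"
    header, trailer = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    if not trailer:
        return False, "unauthenticated reply"
    if len(trailer) != MD5_MAC_LEN:
        return False, "unexpected MAC length %d" % len(trailer)
    key_id = struct.unpack("!I", trailer[:4])[0]
    key = TRUSTED_KEYS.get(key_id)
    if key is None:
        return False, "untrusted key id %d" % key_id
    if not hmac.compare_digest(mac_for(key, header), trailer[4:]):
        return False, "bad MAC"
    return True, "authenticated with key %d" % key_id


# Constructed NTP timestamps (seconds since 1900 in the high 32 bits).
REAL_TIME = 3557000000 << 32
BOGUS_TIME = (3557000000 + 86400 * 365) << 32   # clock pushed a year ahead
SERVER_MODE = 0x24          # LI=0, VN=4, mode 4 (server reply)


def scenarios():
    """One genuine reply, two forgeries and a tampered replay.
    Returns a dict name -> (accepted, reason)."""
    genuine = sign(build_header(SERVER_MODE, 2, REAL_TIME), 42)

    # On-path attacker without the key: bogus reply, no MAC at all.
    plain_forgery = build_header(SERVER_MODE, 1, BOGUS_TIME)

    # Attacker knows the key ID but not the secret.
    guessed = build_header(SERVER_MODE, 1, BOGUS_TIME)
    guessed_forgery = guessed + struct.pack("!I", 42) + mac_for(b"wrong", guessed)

    # Attacker replays a captured genuine reply with the transmit timestamp edited.
    tampered = bytearray(genuine)
    tampered[40:48] = struct.pack("!Q", BOGUS_TIME)   # xmit_ts is bytes 40..47
    tampered_replay = bytes(tampered)

    return {
        "genuine": verify(genuine),
        "plain_forgery": verify(plain_forgery),
        "guessed_forgery": verify(guessed_forgery),
        "tampered_replay": verify(tampered_replay),
    }


if __name__ == "__main__":
    for name, (ok, why) in scenarios().items():
        print("%-16s %s (%s)" % (name, "ACCEPT" if ok else "REJECT", why))
```

Two caveats a practitioner would want: the MAC is keyed MD5 rather than HMAC, which is what ntpd historically used, and it only keeps out someone who lacks the secret; an unmodified genuine reply could still be replayed, which a real client catches with the origin-timestamp check against its own request (RFC 5905's loopback test), omitted here for brevity.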