oss-security - Re: tlsdate havoc ahead - default host randomizes tls timestamps

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <5539F5B3.8090501@redhat.com>
Date: Fri, 24 Apr 2015 09:50:11 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: tlsdate havoc ahead - default host randomizes
 tls timestamps

On 04/23/2015 05:37 PM, Hanno Böck wrote:

> And there is some work done in the IETF to create a secure version of
> ntp:
> 
> https://tools.ietf.org/html/draft-ietf-ntp-network-time-security-08
> https://tools.ietf.org/html/draft-ietf-ntp-cms-for-nts-message-03
> https://tools.ietf.org/html/draft-ietf-ntp-using-nts-for-ntp-00

I've been arguing to replace the custom security protocol they have
invented with DTLS.  The discussion is happening on the IETF NTP working
group mailing list: <http://lists.ntp.org/listinfo/ntpwg>  (Note:
somewhat unusual for IETF lists, it's moderated, for first-time posters
at least.)

-- 
Florian Weimer / Red Hat Product Security

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.