On Sun, Sep 18, 2016 at 10:53:54AM +0200, Rune Magnussen wrote:
> På Fri, 16 Sep 2016 17:48:29 +0200
> Miroslav Lichvar <mlich...@redhat.com> skrev:
> > However, I'm not sure if this is the best approach for getting leap
> > second information. DNS is normally unsecure, so a MITM attacker could
> > inject a false leap second even if all NTP sources were
> > authenticated. 
> Is DNS worse than NTP-packets when it comes to MITM? 

If we compare authenticated NTP with unauthenticated DNS, then yes. If
both are unauthenticated, NTP still might be slightly better as the
attacker has to modify packets from a majority of the client's sources
instead of just one DNS server. Of course, if the attacker is close
to the client and can modify all its traffic, it doesn't matter.

> > I'd rather see chrony to get support for reading leap seconds from the
> > "leap-seconds.list" file, which is distributed by multiple servers,
> > and recommend running "sleep $[RANDOM] && wget -O ... https://....";
> > from cron every month or so.
> You would then have to make sure the checksums are downloaded from
> another mirror than the file and the best mirrors would depend on where
> you are. This seems almost as complicated as adding support for leap
> seconds via DNS.

I'm not sure I follow. Why would I need to download data from multiple
servers? Are you suggesting to not trust one server, but have a voting
mechanism with at least three different servers like NTP normally does?

Miroslav Lichvar

To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" 
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the 
Trouble?  Email listmas...@chrony.tuxfamily.org.

Reply via email to