Hi,
* none <anots...@fastmail.fm> [2012-09-10 15:42]:
[...]
> An adversary can tamper with the unauthenticated NTP replies and put the user's
> time several years back, especially, but not limited, if the BIOS battery or
> hardware clock is defect. That issue becomes more relevant with new devices
> like RP, which do not even have a hardware clock.
>
> Putting the clock several years back allows an adversary to use already
> revoked, broken, expired certificates; replay old, broken, outdated, known
> vulnerable updates etc.

NTP is certainly subject to spoofing attacks by its nature. I also agree that
this may be a problem in some settings. Just considering that e.g. Kerberos is
making heavy use of accurate timing.

In theory NTP should be robust against wrong timing information from single
servers. Obviously this doesn't help you, if your DNS is also spoofed and you
control all NTP servers.

Since NTP does support symmetric/autokey by now, what I really wonder about is
why this is no strict requirement for servers in pool.ntp.org to which
certainly also our Debian ntp vendor zone belongs. I think it would be
desirable to ship default configurations with those keys set up.

I CC'ed Ask who is maintaining pool.ntp.org for this discussion.
Ask, is there such a requirement and I missed it or is it not existent? If not,
how realistic is it to change this?

While I don't think this is a critical problem, I'd also love to see this
changed in future default configurations of the ntp package in Debian.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
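The point made in the reply above, that a client polling several servers can reject one wrong time source but not a set of sources that all lie consistently, shown as an added example that is not part of the original message. It is a simplified interval-intersection selection in the style of Marzullo's algorithm, not ntpd's own code; the function names, offsets and error bounds are constructed for illustration.

```python
def largest_agreement(samples):
    """samples: list of (offset_seconds, error_bound_seconds), one per server.

    Returns (count, lo, hi): the largest number of servers whose intervals
    [offset - err, offset + err] overlap, and that overlap."""
    edges = []
    for offset, err in samples:
        edges.append((offset - err, -1))  # interval opens
        edges.append((offset + err, +1))  # interval closes
    edges.sort()  # at equal values, opens (-1) sort before closes (+1)
    best = count = 0
    lo = hi = None
    for i, (value, kind) in enumerate(edges):
        count -= kind
        if kind == -1 and count > best:
            best, lo, hi = count, value, edges[i + 1][0]
    return best, lo, hi


def select_offset(samples):
    """Return the agreed clock offset, or None without a strict majority."""
    best, lo, hi = largest_agreement(samples)
    if best * 2 <= len(samples):
        return None  # no majority: refuse to step the clock
    return (lo + hi) / 2


THREE_YEARS = 3 * 365 * 86400  # constructed rollback, in seconds

# Constructed samples: (measured offset, error bound) per server.
HONEST = [(0.012, 0.05), (-0.008, 0.05), (0.020, 0.05)]
ONE_LIAR = HONEST + [(-THREE_YEARS, 0.05)]   # one spoofed reply
SPLIT = HONEST[:2] + [(-THREE_YEARS, 0.05)] * 2
ALL_SPOOFED = [(-THREE_YEARS, 0.05)] * 4     # every reply forged identically

if __name__ == "__main__":
    for name, s in [("one liar", ONE_LIAR), ("split", SPLIT),
                    ("all spoofed", ALL_SPOOFED)]:
        print(name, "->", select_offset(s))
```

The last case is accepted with a three-year rollback because agreement among replies says nothing about who sent them, which is the gap the symmetric/autokey question in the message is about.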