The IESG has approved the following document:
- 'Port Randomization in the Network Time Protocol Version 4'
  (draft-ietf-ntp-port-randomization-08.txt) as Proposed Standard

This document is the product of the Network Time Protocol Working Group.

The IESG contact persons are Erik Kline and Éric Vyncke.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ntp-port-randomization/

Technical Summary

The Network Time Protocol can operate in several modes. Some of these modes are based on the receipt of unsolicited packets, and therefore require the use of a well-known port as the local port number. However, in the case of NTP modes where the use of a well-known port is not required, employing such a well-known port unnecessarily increases the ability of attackers to perform blind/off-path attacks. This document formally updates RFC5905, recommending the use of transport-protocol ephemeral port randomization for those modes where use of the NTP well-known port is not required.

Working Group Summary

There was nothing particularly noteworthy in the WG process.

Document Quality

Many/most implementations already exhibit this behaviour. More implementation text is in Section 5.

Personnel

Karen O'Donoghue is the Document Shepherd. Erik Kline is the Responsible Area Director.
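The behaviour the Technical Summary recommends, sketched as an added example (not code from the draft or from any NTP implementation): a client-mode request sent from a kernel-chosen ephemeral port instead of port 123. The stub responder, the function names and the choice of a fresh socket per request are assumptions of this example; how unpredictable the chosen port is depends on the operating system's ephemeral port selection.

```python
import socket
import struct
import threading

NTP_PORT = 123  # well-known port; only modes that receive unsolicited packets need it


def client_packet():
    # 48-byte NTPv4 header: LI=0, VN=4, Mode=3 (client); remaining fields zero
    return struct.pack("!B47x", (4 << 3) | 3)


def query(server_addr, timeout=2.0):
    """Send one client-mode request from a fresh socket on an OS-chosen port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("", 0))          # port 0: the kernel picks an ephemeral port
        s.connect(server_addr)   # kernel discards datagrams from any other peer
        s.settimeout(timeout)
        local_port = s.getsockname()[1]
        s.send(client_packet())
        reply = s.recv(512)
    return local_port, reply[0] & 0x7  # (source port used, mode of the reply)


def start_stub_server():
    """Constructed loopback responder (not a real NTP server): answers in
    mode 4 and records the source port of every request it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    seen = []

    def loop():
        while True:
            _, peer = srv.recvfrom(512)
            seen.append(peer[1])
            srv.sendto(struct.pack("!B47x", (4 << 3) | 4), peer)

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname(), seen


def demo(n=5):
    addr, seen = start_stub_server()
    return [query(addr) for _ in range(n)], seen


if __name__ == "__main__":
    for port, mode in demo()[0]:
        print(f"request sent from port {port}, reply mode {mode}")
```

An off-path sender now has to guess the client's current source port in addition to any protocol fields the client validates, whereas a client bound to port 123 gives that value away.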
