unruh <un...@wormhole.physics.ubc.ca> wrote:
> On 2011-03-25, j...@specsol.spam.sux.com <j...@specsol.spam.sux.com> wrote:
>> Miroslav Lichvar <mlich...@redhat.com> wrote:
>>> On Thu, Mar 24, 2011 at 05:01:07PM -0700, Chris Albertson wrote:
>>>> Security is so that you know you are not being spoofed. Or if you are
>>>> providing the time so that you can prove to your users that you are
>>>> who you claim to be and are not spoofing them.
>>>>
>>>> There is the chance that someone might "impersonate" one of your
>>>> servers or a server you use, and then make a computer's clock be set
>>>> to the wrong time. Again "who cares" if you only use your computer
>>>> to surf the web and read emails but what if you were a bank processing
>>>> ATM or visa card transactions or worse a computer routing trains or
>>>> airplanes or controlling stop lights.
>>>
>>> There is one important thing I haven't seen mentioned here. A MITM
>>> doesn't need to modify the NTP packets to seriously degrade your
>>> timekeeping. He can exploit the PLL instability when undersampled and
>>> by dropping and delaying the packets (up to maxdist, 1.5s by default)
>>> he can fairly quickly throw your clock off and let you drift away.
>>>
>>> In addition to the authentication, it's important to monitor
>>> reachability of the peers.
>>
>> One more time, if time is critical to your operation you have several
>> sources to include local GPS and CDMA NTP boxes.
>
> I do not understand. If you do not want to use the authentication, don't.
> No one is forcing you to. We really do not care if you have thought
> through your security or not. But at this point it sounds like you are
> on a crusade against having the authentication in ntpd, and that
> is bizarre. If you think it adds nothing, do not use it. Or if it
> offends you to have something in a program you do not use, then rewrite
> ntpd to remove the sections that are offensive to you and use that.
> And learn once again that you may not completely understand everyone
> else in the world.

You must really have your panties in a bunch if asking what good is NTP
authentication becomes a "crusade" in your mind.

As far as I can see, given the way NTP works and the number of available
and independent sources, authentication may make you feel good about it,
but has no added value.

-- 
Jim Pennino

Remove .spam.sux to reply.
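
The reachability monitoring mentioned earlier in the thread, as an added example that is not part of the original messages: it reads the `reach` column of `ntpq -pn` output (an octal 8-bit shift register of the last eight polls) and flags peers whose replies are being lost or delayed. The sample output is constructed, and the thresholds `min_answered` and `max_delay_ms` are assumptions to tune per site.

```python
# Constructed sample of `ntpq -pn` output (documentation address ranges).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.412   -0.021   0.015
+198.51.100.7    192.0.2.10       2 u   12   64  125  812.330   35.104  48.770
 203.0.113.5     .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Return one dict per peer line; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()           # column 0 holds the tally code
        if len(fields) != 10:
            continue                        # separator or blank line
        try:
            reach = int(fields[6], 8)       # reach is printed in octal
            delay_ms = float(fields[7])     # round-trip delay in milliseconds
        except ValueError:
            continue                        # column header line
        peers.append({"remote": fields[0], "tally": line[0],
                      "reach": reach, "delay_ms": delay_ms})
    return peers

def check_peers(text, min_answered=6, max_delay_ms=500.0):
    """Map each peer to a list of issues; thresholds are assumed defaults."""
    report = {}
    for p in parse_peers(text):
        # Each set bit in the register is one answered poll out of the last 8.
        answered = bin(p["reach"] & 0xFF).count("1")
        issues = []
        if answered == 0:
            issues.append("unreachable")
        elif answered < min_answered:
            issues.append("lossy")          # packets are being dropped
        if p["delay_ms"] > max_delay_ms:
            issues.append("high-delay")     # packets are being held back
        report[p["remote"]] = issues
    return report

def usable_sources(report):
    """Peers with no issues; alert when this falls below what you require."""
    return sorted(r for r, issues in report.items() if not issues)

if __name__ == "__main__":
    for remote, issues in check_peers(SAMPLE).items():
        print(remote, ", ".join(issues) or "ok")
```

Run it from cron or a monitoring agent against live `ntpq -pn` output and alert when a peer stays flagged across several polls rather than on a single missed reply.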