On Tue, Sep 11, 2012 at 09:23:45PM +0200, Kurt Roeckx wrote:
So after reading some more, I think the only option we have is
using the IFF identity scheme.
But I seem to be failing in getting it working.
So the problem is that autokey does not work over NAT. So I don't
think it's going to
On Tue, Sep 18, 2012, at 01:03 PM, Kurt Roeckx wrote:
On Tue, Sep 11, 2012 at 09:23:45PM +0200, Kurt Roeckx wrote:
So after reading some more, I think the only option we have is
using the IFF identity scheme.
But I seem to be failing in getting it working.
So the problem is that
Hi,
* Ask Bjørn Hansen a...@ntppool.org [2012-09-11 01:01]:
On Sep 10, 2012, at 15:07, Kurt Roeckx k...@roeckx.be wrote:
[...]
So my understanding of things is that even if we also had
a way to distribute all the public keys, you still can't
get it to work as you need to provide each
On Tue, Sep 11, 2012 at 12:49:09PM +0200, Nico Golde wrote:
Hi,
* Ask Bjørn Hansen a...@ntppool.org [2012-09-11 01:01]:
On Sep 10, 2012, at 15:07, Kurt Roeckx k...@roeckx.be wrote:
[...]
So my understanding of things is that even if we also had
a way to distribute all the public keys,
Package: ntp
Version: 1:4.2.6.p3+dfsg-1ubuntu3.1
Severity: normal
Tags: security
Debian implements so much security one way or another. So much defenses against
network level man in the middle or malicious proxies or wifi hotspots.
Cryptographic verification generally works well but there is one
Hi,
* none anots...@fastmail.fm [2012-09-10 15:42]:
[...]
An adversary can tamper with the unauthenticated NTP replies and put the users
time several years back, especially, but not limited, if the bios battery or
hardware clock is defect. That issue becomes more relevant with new devices
On Sep 10, 2012, at 8:13, Nico Golde n...@debian.org wrote:
Hi,
[Adding NTP authentication]
I CC'ed Ask who is maintaining pool.ntp.org for this discussion.
Ask, is there such a requirement and I missed it or is it not existent?
If not, how realistic is it to change this?
Completely
Hi,
* Ask Bjørn Hansen a...@ntppool.org [2012-09-10 18:03]:
On Sep 10, 2012, at 8:13, Nico Golde n...@debian.org wrote:
[Adding NTP authentication]
We could setup a set of servers with authentication, but that'd be a much
smaller list of servers (for better and worse). It wouldn't be like
On Mon, Sep 10, 2012 at 06:18:42PM +0200, Nico Golde wrote:
Hi,
* Ask Bjørn Hansen a...@ntppool.org [2012-09-10 18:03]:
On Sep 10, 2012, at 8:13, Nico Golde n...@debian.org wrote:
[Adding NTP authentication]
We could setup a set of servers with authentication, but that'd be a much
Hi Kurt,
Of course you are right. DNSSEC will help a different use case.
That leaves us the first problem of the keys having to be secret which is
impossible if random servers are hosting them.
If the Debian project had a set of servers with autokey configured that should
be used for
On Mon, Sep 10, 2012 at 02:06:52PM -0700, Ask Bjørn Hansen wrote:
Hi Kurt,
Of course you are right. DNSSEC will help a different use case.
That leaves us the first problem of the keys having to be secret which is
impossible if random servers are hosting them.
If the Debian project had
On Sep 10, 2012, at 15:07, Kurt Roeckx k...@roeckx.be wrote:
I'm not sure Debian wants to run ntp.debian.org. We would need to
ask people to donate resources for that, and the pool project
already exists for that.
Indeed! Sorry I wasn't clear. The NTP Pool system can work on other domains
12 matches
Mail list logo