[ubuntu-hardened] authenticated NTP

Kees Cook kees at ubuntu.com
Thu Feb 23 19:57:02 UTC 2012

On Thu, Feb 23, 2012 at 06:42:29PM -0000, proper at tormail.net wrote:
> > You might be interested in https://github.com/ioerror/tlsdate, "secure
> > parasitic rdate replacement".
> > Although, it probably isn't "ready for production use TM".
> I am aware of it, but I was more hoping for an official statement from the
> security team... Like for example...
> "We already use authenticated NTP."
> "Authenticated NTP is planned."
> "We would like to use authenticated NTP, but we can't..."
> "Unauthenticated NTP can not be used for MITM, it is already secure, you
> are paranoid, get lost."
> But I am mostly ignored and the interest in this topic seems very little.

You started a discussion; I don't think that counts as being ignored. :)

I'd say, it's a known issue, but not high priority, and there doesn't seem to be a
standard way to use authentication with the default ntp pool.

Kees Cook

