[ubuntu-hardened] authenticated NTP
Kees Cook
kees at ubuntu.com
Thu Feb 23 19:57:02 UTC 2012
On Thu, Feb 23, 2012 at 06:42:29PM -0000, proper at tormail.net wrote:
> > You might be interested in https://github.com/ioerror/tlsdate, "secure
> > parasitic rdate replacement".
> > Although, it probably isn't "ready for use production use TM".
>
> I aware of it, but I was more hoping for an official statement from the
> security team... Like for example...
> "We already use authenticated NTP."
> "Authenticated NTP is planed."
> "We would like to use authenticated NTP, but we can't..."
> "Unauthenticated NTP can not be used for MITM, it is already secure, you
> are paranoid, get lost."
>
> But I am mostly ignored and the interest in this topic seams very little.
You started a discussion; I don't think that counts as being ignored. :)
I'd say, it's a known issue, but not high priority, and there doesn't seem to be a
standard way to use authentication with the default ntp pool.
--
Kees Cook
More information about the ubuntu-hardened
mailing list