authenticated NTP


authenticated NTP

proper
Why does Ubuntu not use authenticated NTP by default?

Unauthenticated NTP is dangerous, for example, a MITM can forge the NTP
reply, switch the date back and use old/revoked SSL certificates.


--
ubuntu-hardened mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened

Re: authenticated NTP

Kees Cook-5
On Sun, Feb 19, 2012 at 10:26:44PM -0000, [hidden email] wrote:
> Why does Ubuntu not use authenticated NTP by default?

Do you have an example of doing this with the public NTP pool?

Thanks!

-Kees

--
Kees Cook


Re: authenticated NTP

proper
> On Sun, Feb 19, 2012 at 10:26:44PM -0000, [hidden email] wrote:
>> Why does Ubuntu not use authenticated NTP by default?
>
> Do you have an example of doing this with the public NTP pool?

It's really strange that this topic gets so little attention.

I am sorry, information is very hard to find on Google. Here are two
links on how to set up authenticated NTP as a client.
https://ntp3.sp.se/howto.html
http://support.ntp.org/bin/view/Support/ConfiguringAutokey

What I have not found yet is a free, public NTP server, not to speak
of a whole list. Only a few servers in the NTP pool support it. This
is probably not going to change if we do not discuss it.



Re: authenticated NTP

dave bl
On 21 February 2012 02:47,  <[hidden email]> wrote:

>> On Sun, Feb 19, 2012 at 10:26:44PM -0000, [hidden email] wrote:
>>> Why does Ubuntu not use authenticated NTP by default?
>>
>> Do you have an example of doing this with the public NTP pool?
>
> It's really strange that this topic gets so little attention.
>
> I am sorry, information is very hard to find on Google. Here are two
> links on how to set up authenticated NTP as a client.
> https://ntp3.sp.se/howto.html
> http://support.ntp.org/bin/view/Support/ConfiguringAutokey
>
> What I have not found yet is a free, public NTP server, not to speak
> of a whole list. Only a few servers in the NTP pool support it. This
> is probably not going to change if we do not discuss it.

You might be interested in https://github.com/ioerror/tlsdate, "secure
parasitic rdate replacement".
Although, it probably isn't "ready for use production use TM".

--
David.


Re: authenticated NTP

proper
> You might be interested in https://github.com/ioerror/tlsdate, "secure
> parasitic rdate replacement".
> Although, it probably isn't "ready for use production use TM".

I am aware of it, but I was more hoping for an official statement from the
security team... Like for example...
"We already use authenticated NTP."
"Authenticated NTP is planned."
"We would like to use authenticated NTP, but we can't..."
"Unauthenticated NTP can not be used for MITM, it is already secure, you
are paranoid, get lost."

But I am mostly ignored and the interest in this topic seems very little.



Re: authenticated NTP

Kees Cook-5
On Thu, Feb 23, 2012 at 06:42:29PM -0000, [hidden email] wrote:

> > You might be interested in https://github.com/ioerror/tlsdate, "secure
> > parasitic rdate replacement".
> > Although, it probably isn't "ready for use production use TM".
>
> I am aware of it, but I was more hoping for an official statement from the
> security team... Like for example...
> "We already use authenticated NTP."
> "Authenticated NTP is planned."
> "We would like to use authenticated NTP, but we can't..."
> "Unauthenticated NTP can not be used for MITM, it is already secure, you
> are paranoid, get lost."
>
> But I am mostly ignored and the interest in this topic seems very little.

You started a discussion; I don't think that counts as being ignored. :)

I'd say, it's a known issue, but not high priority, and there doesn't seem to be a
standard way to use authentication with the default ntp pool.

--
Kees Cook


Re: authenticated NTP

Marc Deslauriers-3
On Thu, 2012-02-23 at 11:57 -0800, Kees Cook wrote:

> On Thu, Feb 23, 2012 at 06:42:29PM -0000, [hidden email] wrote:
> > > You might be interested in https://github.com/ioerror/tlsdate, "secure
> > > parasitic rdate replacement".
> > > Although, it probably isn't "ready for use production use TM".
> >
> > I am aware of it, but I was more hoping for an official statement from the
> > security team... Like for example...
> > "We already use authenticated NTP."
> > "Authenticated NTP is planned."
> > "We would like to use authenticated NTP, but we can't..."
> > "Unauthenticated NTP can not be used for MITM, it is already secure, you
> > are paranoid, get lost."
> >
> > But I am mostly ignored and the interest in this topic seems very little.
>
> You started a discussion; I don't think that counts as being ignored. :)
>
> I'd say, it's a known issue, but not high priority, and there doesn't seem to be a
> standard way to use authentication with the default ntp pool.

ntpd has a panic threshold which is 1000 seconds by default. Does
ntpdate have an equivalent feature? Maybe adding one that won't make the
clock go back or forward more than a day or two would be a good idea
until we get something better?

Marc.

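As an added example (not code from this thread, nor from ntpd or ntpdate), here is a minimal step sanity check in the spirit of ntpd's 1000-second panic threshold and Marc's proposed day-or-two bound for ntpdate: it parses the transmit timestamp out of an NTP reply and refuses to apply any step larger than a configured limit, which is what would stop the years-backwards step from the forged reply described in the first post. The 48-byte reply builder, the two-day limit and the February 2012 clock values are constructed assumptions for the demonstration.

```python
import struct
from typing import Tuple

NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
PANIC_THRESHOLD = 1000          # ntpd's default panic threshold in seconds, as stated in the thread
MAX_ONE_SHOT_STEP = 2 * 86400   # assumed "day or two" bound for a one-shot tool such as ntpdate


def ntp_transmit_time(packet: bytes) -> float:
    """Return the Transmit Timestamp (bytes 40..47 of an NTPv3/v4 packet) as Unix seconds."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    secs, frac = struct.unpack("!II", packet[40:48])   # 32-bit seconds, 32-bit fraction, big-endian
    return secs - NTP_EPOCH_OFFSET + frac / 2 ** 32


def check_step(local_unix: float, server_unix: float,
               limit: float = PANIC_THRESHOLD) -> Tuple[bool, float]:
    """Return (accepted, offset). A step whose magnitude exceeds `limit` is refused, not applied."""
    offset = server_unix - local_unix
    return abs(offset) <= limit, offset


def make_reply(unix_time: float) -> bytes:
    """Constructed sample: a minimal NTP server reply carrying `unix_time` as its transmit timestamp."""
    secs = int(unix_time) + NTP_EPOCH_OFFSET
    frac = int((unix_time - int(unix_time)) * 2 ** 32)
    header = bytes([0x24])                   # LI=0, VN=4, Mode=4 (server)
    body = header + bytes(39)                # stratum/poll/precision/root/ref/other timestamps zeroed
    return body + struct.pack("!II", secs, frac)


if __name__ == "__main__":
    now = 1329700000.0                        # constructed local clock: roughly 2012-02-20 UTC
    honest = make_reply(now + 5)              # a plausible reply a few seconds off
    forged = make_reply(now - 3 * 365 * 86400)  # a reply that would roll the clock back three years
    for name, pkt in (("honest", honest), ("forged", forged)):
        ok, off = check_step(now, ntp_transmit_time(pkt), MAX_ONE_SHOT_STEP)
        print(f"{name}: offset={off:+.1f}s accepted={ok}")
```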