[189181] in North American Network Operators' Group
Re: NIST NTP servers
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue May 10 16:18:15 2016
X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <20160510125806.17324e29@spidey.rellim.com>
Date: Tue, 10 May 2016 16:18:01 -0400
To: "Gary E. Miller" <gem@rellim.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> On May 10, 2016, at 3:58 PM, Gary E. Miller <gem@rellim.com> wrote:
>=20
> I'm sure there are many more examples, but likely you can no longer =
log
> in, via SSH or HTTPS, and your iPhone is dead. I think any of those
> would qualify as more than an annoyance.
An unnamed vendor has code where if the clock on their router is not
set SSH won=E2=80=99t work as the crypto package signature says the
package isn=E2=80=99t valid.
Many of the not-before and not-after certificate systems have some =
fairly
serious issues.
https://www.cs.bu.edu/~goldbe/pub-index.html#NTP
is one place to start when it comes to on-path and off-path
NTP attacks that can skew clocks.
- jared=
