Re: timedatex replacing systemd-timedated for NTP packages

On 11/26/2014 10:09 AM, Miroslav Lichvar wrote:
> We still do. Unless the number of bad servers added from DHCP is large
> enough to disrupt the NTP source selection algorithm or the pool
> servers are not reachable (NTP traffic blocked), it shouldn't be a big
> problem. Of course, without authentication this can't reliably protect
> against MITM attacks.

Do we even use the DHCP NTP server assignment?

I was more worried about 123/UDP interception (which makes kind of sense to improve NTP accuracy, but can of course turn out to be quite wrong).

> I think Florian meant getting time over HTTPS from a Fedora server.

Yes, there are various places where the server time is included under cryptographic protection. We'd have to hard-code the certificate, though, because we cannot do PKIX validation without system time information.

--
Florian Weimer / Red Hat Product Security
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
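
The approach discussed in the message above, as an added example that is not part of the original post or of any Fedora code: the client authenticates the server by comparing the SHA-256 of its DER certificate with a hard-coded pin, which needs no clock, and then reads the HTTP `Date` header. `TIME_HOST`, `PINNED_SHA256` and all function names are hypothetical placeholders.

```python
import hashlib
import hmac
import socket
import ssl
from email.utils import parsedate_to_datetime

# Hypothetical placeholders: the real host and the SHA-256 of its DER certificate.
TIME_HOST = "time.example.org"
PINNED_SHA256 = "0" * 64

def cert_matches_pin(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare the SHA-256 of the DER certificate with the pin (no clock needed)."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(digest, pinned_hex.lower())

def date_from_response(raw: bytes):
    """Return the Date header of a raw HTTP response as an aware datetime."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "date":
            return parsedate_to_datetime(value.strip())
    raise ValueError("response has no Date header")

def fetch_pinned_time(host=TIME_HOST, pin=PINNED_SHA256, port=443, timeout=10):
    # PKIX validation is off on purpose: notBefore/notAfter cannot be checked
    # without a trusted clock. The pin comparison is the only authentication,
    # so it must happen before any request is sent.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as tcp:
        with ctx.wrap_socket(tcp, server_hostname=host) as tls:
            if not cert_matches_pin(tls.getpeercert(binary_form=True), pin):
                raise ssl.SSLError("server certificate does not match the pin")
            request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode("ascii"))
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                raw += chunk
    return date_from_response(raw)
```

The `Date` header has one-second resolution, and a pinned certificate has to be replaced in the client whenever the server's certificate changes.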