[Last-Call] Secdir last call review of draft-ietf-ntp-chronos-16

Reviewer: Benjamin Schwartz
Review result: Has Nits

This draft describes an improved variant of the NTP client state machine that
can more reliably reject servers that are hostile or are under attack.  It is
effectively a summary of a more detailed research paper.  Overall, the proposal
appears reasonable, and is presented clearly.  However, I do have two concerns
to note:

1. The document's status is "Informational".  The text is largely a summary of
a more detailed academic research paper.  The proposal has been implemented,
but seemingly only in an academic demonstration codebase.  If the Khronos
behavior has not yet been implemented in a widely used NTP client codebase, I
think the "Experimental" status would likely be more appropriate.

2. The document claims to defend against MITM attackers, but it also notes that
the defense only applies to attackers that can interfere with some fraction of
NTP server access.  The security section should be expanded to note explicitly
some attackers who are out of scope.  One such attacker appears to be the
"nearby MITM", who can selectively block any of the client's traffic.


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call