A briefing on NTPsec

Eric S. Raymond esr at thyrsus.com
Fri May 13 17:46:42 UTC 2016


Mel Beckman <mel at beckman.org>:
> Does your project have anything like a portable regression test
> suite that the rest of us could use for NTP product evaluations?

We do not, yet.  Testing NTP at above the level of unit tests for individual
functions is *quite* difficult - I say that as the person who successfully
implemented a very rigorous regression-test suite in GPSD.  The NTP version
of this problem is, unfortunately, much less tractable. 

We have some ideas and a partial implementation, but this is the
technical area in which we have had the least success so far.

We will persevere.  We're going to need good end-to-end testing to
maintain provable functional stability through some of the large
changes I have in mind.  I cannot, however, promise that our
test framework will be applicable to other implementations.

>And what I be correct in guessing that all of your work is foss?

Yes.  NTP and 2-clause BSD licenses.

> When you say that nothing has been done to add security mechanisms
> to NTP, are you saying that all the work so far has been code
> hardening exclusively?

Yes.  There remains a considerable amount of this to be done.  We have
our eyes on several risky and only marginally useful features that
should probably be excised.  The recently-acquired ability of Windows
to run many Linux binaries probably means all the Windows port shims
can be thrown out.  And so forth.

The official motto of our project, front and center on www.ntpsec.org,
is the Saint-Exupery quote: "Perfection is achieved, not when there is
nothing more to add, but when there is nothing left to take away."

I must say that the effectiveness of ruthlessly cutting away bloat as
a security-hardening strategy has actually exceeded our initial
expectations. We were hoping for "successful" and seem to have
achieved "wildly successful" - I think dodging 8 of 11 CVEs in the
last batch counts as that.

> Finally, do you want to weigh in on the necessity for highly
> accurate local RT clocks in NTP servers? That seems to be the big
> bugaboo in cost limiting right now.

I'll reply to this starting a separate thread.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>


More information about the NANOG mailing list