r2 - 2007-12-21 - 15:53:28 - SteveKosteckeYou are here: NTP >  IETF Web > WgMinutes20050309
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p12 was released on 14 August 2018. It addresses 1 low-/medium-severity security issue in ntpd, 1 low-severity security issue in ntpq and ntpdc, and provides 27 non-security bugfixes and 4 other improvements over 4.2.8p11.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

NTP Working Group

Wednesday, March 9 at 1300-1500

Chairs:

Minutes taken by Dave Marlow.

Intro/Agenda Bashing, Brian Haberman

The agenda was accepted as presented.

NTP WG Status and Charter, Karen O'Donoghue

The NTP WG is now an official working group (IESG notice 2/25/05)

Authors were identified for all four pre-defined documents:

  • NTPv4 Scope and Requirements - Dave Plonka
  • NTPv4 Protocol Specification - Jim Martin and Jack Burbank
  • NTP Architecture and Algorithms Spec - Harlan Stenn, Bill Kasch
  • NTPv4 MIB - Tim Plunkett

In addition another topic was identified from the mail list:

  • NTPv4 DHCP Option - Rob Nagy has agreed to be the author if a document is required.

First priority is to get NTPv4 out. IPv6 and Security are part of this core goal.

NTPv4 Scope and Requirements, Dave Plonka

Dave is dividing the requirements between protocol and algorithms which is the same way that the WG has divided up the work. It was agreed that while the WG is standardizing existing practice, the requirements would attempt to gather additional requirements in order to document potential future efforts. Dave identified communities for gathering requirements which included the NTP community, and potentially NTP funding Organizations and in the case of the protocol requirements would also come from the STIME community and ISPs. Requirements are expected to include applications, configuration (e.g. key distribution), system performance, security, IPV6, robustness, and longevity/persistence.

At the conclusion of the discussion, someone brought up that there are legal (and other) reasons to identify the source of the time that is being distributed. It was recommended that people from the time source community be sought. The PKIX TSP, which time stamps for non-reputitation was identified in particular. Brian pointed out that that the major focuses for the WG have already identified for this WG.

NTPv4 Protocol Specification, Karen O'Donoghue

The authors have just been identified and thus there was no presentation on this topic. One draft which is progressing quickly was pointed out - draft-mills-sntp-v4.

Discussion and Wrap-up, Karen O'Donoghue

Karen mentioned that the address for the mail list that is in the WG Charter works now but may not in the future, everyone was asked to use ntpwg@lists.ntp.org

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r2 < r1 | More topic actions
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback