[LEAPSECS] Leap Sec vs Y2K

Ian Batten igb at batten.eu.org
Sat Dec 11 03:14:44 EST 2010



> Then you must also pity 99.999% of the software users on the planet all of which are not affected by missing NTP configurations.


Really? OSX ships with a functional NTP configuration, enabled by default, as do most Apple odds and ends (Airports, particularly). In order to have an OSX machine that is _not_ synch'd to UTC you'd need to take special action (and outbound firewalls that drop specific protocols are rare).

Windows Time Service isn't as good by default, but it maintains resolution of a few seconds over a network (and has to, because otherwise AD/Kerberos will hit trouble). Windows ships with the ability to synch the clock coarsely to the outside world (http://www.microsoft.com/windowsxp/using/setup/maintain/setclock.mspx) and it's usually turned on as part of group policy unless the AD server is acting as a clock reference. Even in home environments, it's routinely turned on. As a simple check, today it's very rare indeed to sort messages by the header Date: field and find that it yields an order that scrambles a conversation, which implies that globally clocks are synch'd to at least the turnaround time in an email conversation, and that wasn't true in the past (yes, I realise the rise of WebMail services is a factor in this as well).

There have been several incidents of consumer CPE automatically synching via NTP to unsuspecting public-access servers including, oh, look, our very own Paul-Henning Kamp to whom you are responding (http://www.engadget.com/2006/04/09/danish-server-admin-exposes-d-links-ntp-vandalism/). Indeed, today, I'd be surprised if there were many homes that didn't have a stratum-three ntp server, such is its prevalence in CPE.

I'm surprised by your claim that Telcos don't do NTP, because my first dealings with NTP twenty-odd years ago were related to a major European telco who insisted that all management systems be synchronised, partly because of the legal implications of getting billing time-periods wrong and partly because of the need to do log correlation for event handling, and every telco project I've been involved in since has had sub-1s resolution and precision timestamping in the specification.

ian
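
The Date:-header check described in the message above, as an added example that is not part of the original post: it sorts a thread by Date: and reports any reply dated earlier than the message it answers. The message IDs and timestamps are constructed sample data, and treating In-Reply-To as the true conversation order is an assumption of this example.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample thread (not real mail): b replies to a, c replies to b.
# c's Date: header is earlier than the Date: of the message it answers.
RAW = [
    "Message-ID: <a@example.org>\n"
    "Date: Sat, 11 Dec 2010 08:00:00 +0000\n\nfirst\n",
    "Message-ID: <b@example.org>\nIn-Reply-To: <a@example.org>\n"
    "Date: Sat, 11 Dec 2010 03:14:44 -0500\n\nsecond\n",
    "Message-ID: <c@example.org>\nIn-Reply-To: <b@example.org>\n"
    "Date: Sat, 11 Dec 2010 09:05:00 +0100\n\nthird\n",
]

def load(raw_messages):
    """Map Message-ID -> (parent Message-ID or None, timezone-aware Date)."""
    thread = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        when = parsedate_to_datetime(msg["Date"])  # aware: offsets are explicit
        parent = msg["In-Reply-To"]
        thread[msg["Message-ID"].strip()] = (parent.strip() if parent else None, when)
    return thread

def date_order(thread):
    """Message-IDs sorted by the sender-supplied Date: header."""
    return sorted(thread, key=lambda mid: thread[mid][1])

def causality_violations(thread):
    """Replies dated before their parent: (reply, parent, seconds early)."""
    found = []
    for mid, (parent, when) in thread.items():
        if parent in thread:
            gap = (thread[parent][1] - when).total_seconds()
            if gap > 0:
                found.append((mid, parent, gap))
    return found

if __name__ == "__main__":
    thread = load(RAW)
    print("Date: order:", date_order(thread))
    for reply, parent, gap in causality_violations(thread):
        print(f"{reply} is dated {gap:.0f}s before {parent}, which it answers")
```

The same comparison applies to the log correlation case mentioned above: an event that must follow another but carries an earlier timestamp gives a lower bound on the skew between the two sources.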


