On 2020-10-17 05:54, Martin Husemann wrote:
On Sat, Oct 17, 2020 at 01:16:57PM +0100, Sad Clouds wrote:I'm not an expert on NTP, but what sort of information do you think it could leak that could compromise your system security? There are ways for hackers to abuse NTP protocol, but that is where you should be using NTS extensions.No, this is not about NTP, but leaking the information that an RTC-less device booted and did the magic handshake to get time correct (by sending standard queries to cloudflare). I actually do run a local ntpd inside the protected network, which is why I'm happy with hard coded or dhcp provided (local) IPs. Martin
Hi Martin,There is no "magic handshake", it's a standard TLS handshake, and the traffic should look the same as any old DNS over HTTPS query (as done by default by Firefox, Chrome and a number of other products now adays).
There's also nothing that "leaks" the fact you have an RTC-less machine - by default, the HTTPS constraint checks are performed for all machines, in an attempt to mitigate possible NTP man-in-the-middle attacks (see my previous email that mentions the two complementary use case scenarios for this solution). Also, nobody seems to have a problem using fixed IP addresses for DNS servers (whats the alternative?) So I don't think including a couple trustworthy providers (that are easily changeable if desired) would be that big of a deal. The paranoiacs over in OpenBSD land seemed to think this solution was adequate, so I image any privacy or information disclosure possibilities would have been addressed. As I see it, it's just a couple TLS handshakes which look identical to DNS over HTTPS traffic (which use the ubiquitous port 443). Unless there's something I'm missing (or that the paranoiacs failed to address) I'm pretty sure this is one of the only viable solutions for combating the chicken and egg clock problem TODAY.
Regards, Jordan