North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Open Letter to D-Link about their NTP vandalism

  • From: Edward B. DREGER
  • Date: Wed Apr 12 01:46:56 2006

BD> Date: Tue, 11 Apr 2006 23:47:11 -0400
BD> From: Brian Dickson

BD> As to the liability issue, it is easy enough to envision that
BD> someone, somewhere, is relying on time results from NTP for a
BD> life-or-death application, like a medical device, and is innocently
BD> an impacted third party in this.

If I had a life-or-death application depending on NTP, I'd do what I've
already suggested:  Use GPS and multiple stratum-1 servers, and clip
adjustment delta magnitude.  I might also listen for a heartbeat (no pun
intended) saying "device agrees with NTP server", then raise an error if
that condition failed.

BD> Sending bad NTP values could in theory be responsible for killing
BD> someone's scratch monkey...

I can only hope that my life is never entrusted to a device that, at the
suggestion of a lone NTP server, would adjust the clock by 42 years.
IANAL, nor do I play one on TV, but such a setup would seem grossly

Automated devices fail.  Pretending otherwise is foolish.  But you _did_
say "scratch monkey". :-)

Everquick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
DO NOT send mail to the following addresses:
[email protected] -*- [email protected] -*- [email protected]
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.