North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Open Letter to D-Link about their NTP vandalism

  • From: M. David Leonard
  • Date: Wed Apr 12 09:35:11 2006

	This reminds me of "selective availability" (I think that's the
correct term) in the GPS stream coming from US DOD orbital platforms. 
Sure, the data is jittered.  Who sues because only authorized clients (in
that case, US military forces) get unjittered time and position but folks
without authorization get severely compromised time and position data? 
What is to prevent a network from providing unjittered NTP to its
downstream clients/customers BUT jittered NTP to outsiders?  How is this
different from providing up-to-the-millisecond stock exchange data to
paying customers but delaying the same data provided to the general public
by some time period?   Are we constrained by fear of litigation from 
taking appropriate pro-active measures to protect services from abuse and 
from discriminating between legitimate and questionable requests for data 
from our own servers?  Is it time to bail out of the Internet business?

					David Leonard

On 11 Apr 2006, Paul Vixie wrote:

> > > > > > I've said in other forums the only solution for this sort of
> > > > > > software is to return the wrong time (by several months). The
> > > > > > owner might actually notice then and fix the problem.
> > > > > that creates new liability, and isn't realistic in today's
> > > > > litigious world.
> > > > (Suprise to read that from PV.)
> > > Why?  It may be the voice of experience.  ...
> > Because its DIX ressources...  They can do whatever they want with it.
> actually, not.  who owns the resources isn't as important, to a judge, as
> whether someone is damaged and whether that damage resulted from an
> intentional act.  the "voice of experience", if i have one, says that if
> DIX wants to cease providing this service they can do so safely, but if
> they decide to deliberately return the wrong time, and if that wrong time
> costs or loses somebody else some money, then a judge would take it seriously.
> again, denying service (assuming there's no explicit contract to provide
> it) is unquestionably safe.  i was responding to the proposal that the wrong
> time be deliberately returned.  you'd be betting that nobody would notice
> or that it would cost nobody money -- which isn't a safe bet, since someone
> can always find ways to allege that your intentional actions cost them money.
> (as opposed to your deliberate inaction, as in the case of denying service.)
> note, IANAL.  but i've been sued by experts, and even stupid lawsuits cost a
> lot to answer/defend, and not all stupid lawsuits are provably frivolous.
> -- 
> Paul Vixie