| Re: [chrony-dev] Frequency transfer in NTP |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
- To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-dev] Frequency transfer in NTP
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Fri, 29 Jan 2021 09:40:29 +0100
- Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1611909635; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=uUyzxIQfcm6J+ql6+3KH0IJ2FnAxvsSUlNJsKUli95o=; b=g7ZN3Hy8kEu7e6/Mraj2kQFD4xIWfBJeBzCrGnlojUcyI6PmvLukZsn9q3V+awWxxTpzVZ tebbSNe4bkHTUMDQ8ltYBZzpjBIjRzkl8fEvxX1WpLYBySdaosEkEukSLKCsS1dMtc+GwF qBrk/f2wTU1jA+fPa2q96pA5By35sR0=
On Thu, Jan 28, 2021 at 05:15:12PM -0600, Dan Drown wrote:
> I'm assuming the test case would be similar to the condition of "stratum 1
> was drifting but came back into sync with its upstream source".
Yes, that could make such a large offset, but in the test it was meant
for demonstration only. In normal operation, there is a small
correction, in both time and frequency, on every update of the clock.
> Does this proposed feature include a frequency error estimate like root
> dispersion's offset error estimate?
Not in the current proposal. I thought about exchanging the skew
value, but I didn't figure out what to do with it on the client.
> What are the security implications? Does frequency transfer prefer slower
> frequency changes over fast?
Good question. This needs to be investigated. In a MITM attack
it might give the attacker (who can either freely modify any values in
the packet, or at least delay them if authentication is enabled) an
even greater control over the client's clock. Some limits on the
accepted frequency change may need to be implemented.
--
Miroslav Lichvar
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.