by Dylan16807
804 days ago
> If you _don't_ enable dnssec on ntp.org, then a mitm can intercept the dns request to redirect to an attacker-owned timeserver with a time in the past. Then the host can have old and expired (without loss of generality) keys/certificates replayed against it.

Preventing DNS mitm only matters if you prevent NTP mitm too. What percent of NTP clients talking to these servers are doing it in a secure way? And is that share growing?