-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathannouncement.txt
61 lines (50 loc) · 2.91 KB
/
announcement.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
= Project announcement =
The NTP Security Project effort addresses a pressing problem in the
Internet infrastructure, and tests a new model for supporting and
maintaining its vital parts.
It has been known for some time that the authentication and security
mechanisms used in Network Time Protocol (NTP) were aging, partly
broken, and vulnerable to attack. Recently this concern has become
reality through a string of serious security incidents involving NTP
servers, in many of which the servers were exploited as amplifiers for
DDoS (distributed denial of service) attacks.
An accurate common timebase is vitally important for a wide range of
uses, from financial services to autonomous vehicular navigation.
Accordingly, some months ago the Center for Trustworthy Scientific
Cyberinfrastructure (http://trustedci.org/[CTSC]) and Indiana
University's Center for Applied Cybersecurity Research
(http://cacr.iu.edu/[CACR]) initiated rescue planning that included a
range of individual experts on time service, senior NTP developers,
and interested organizations such as the Network Time Foundation
(http://www.networktimefoundation.org/[NTF]) the Internet Civil
Engineering Institute (https://icei.org[ICEI]), and the National
Science Foundation (http://www.nsf.gov/[NSF]). The NSF approved seed
funding for this work.
The rescue planning bore fruit in a detailed roadmap, beginning with
breaking the NTP code base out of the proprietary BitKeeper revision
control system into a Git repository, where it can benefit from
regular examination and contributions by the wider community (this
was not previously possible due to BitKeeper's licensing requirements
and logistical overhead).
NTF, which maintains the current reference NTP implementation, has
declined to participate in these efforts to secure the NTP software.
Thus, members of the NTP community have chosen to create a fork of
that code base that will take advantage of and further iterate upon
the remediation work funded by the NSF, CTSC, and CACR. The ongoing
work is now substantially funded by the Linux Foundation's Core
Infrastructure Initiative (https://www.coreinfrastructure.org/[CII]).
Thus, the NTP Security Project - familiarly, NTPsec. NTPsec will be
a compatible upgrade from the NTF version, continuously evolved from
that historical reference implementation.
As the project name indicates, NTPsec's early focus will be on
security improvements. We will also apply best practices in use of
static-analysis tools, continuous integration, and automated testing.
Down the road we plan deeper refactoring for security and simplicity,
and to fully adapt the network time protocol to IPV6.
NTPsec begins with a core team of experienced and expert developers.
You can read more about them on the link:core-team.html[Core
Team] page.
image::clocktower64.png[align="center"]
Have questions? Email us at mailto:contact@ntpsec.org[contact@ntpsec.org],
or via IRC at Freenode channel #ntpsec.
// end