Need for HW-clock independent timestamps
Devan Carpenter
mail at dvn.me
Tue May 15 22:21:26 CEST 2018
Aaron Jones transcribed 3.1K bytes:
> On 12/05/18 19:29, Axel Neumann wrote:
> > You want WG to secure your network. So the suggestion can not be to open
> > your network for a pretty insecure deamon in order to get WG working.
> > This would essentially allow attackers to a fake the ntp server and then
> > block WG forever.
>
> Someone in a position to fake NTP (which needs bidirectional
> communication) is already in a position to block WG forever (by simply
> refusing to forward its packets).
>
> Additionally, there are a few very well-designed and secure NTP daemons
> out there (such as OpenNTPd).
>
Using NTP is not a viable solution for a distributed mesh network. What
if the Internet is only accesible via WG, or what if the network is not
connected to the Internet at all? It's not a trivial problem, but I
think it would be benefecial to WireGuard as a project to not depend on
centralized time authority *if there is an option not to*.
-Devan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180515/b1e4a33e/attachment.asc>
More information about the WireGuard
mailing list