On 28 Mar 2020, at 23:58, Harlan Stenn <stenn@nwtime.org> wrote:
Steven Sommars said:
The secure time transfer of NTS was designed to avoid amplification attacks.
Uh, no.
Yes, it was. As Steven said, “The secure time transfer of NTS was designed to avoid amplification attacks”. I would even say - to make it impossible to use for amplification attacks.
If you understand what's going on from the perspective of both the client and the server and think about the various cases, I think you'll see what I mean.
Hopefully, no-one exposes mode 6 or mode 7 on the internet anymore at least not unauthenticated, and at least not the commands that are not safe from amplification attacks. Those just can not be allowed to be used anonymously.
NTS is a task-specific hammer.
Yes. Ragnar