[ntp:questions] Re: Using NTP in broadcast mode with no reverse link

David L. Mills mills at udel.edu
Fri Dec 5 14:17:58 UTC 2003


dave,

I'm not sure what your security model is. See
http://www.eecis.udel.edu/~mills/database/reports/stime/stime.pdf and
the briefings at http://www.eecis.udel.edu/~mills/proto.html. 

Dave

dave wrote:
> 
> David L. Mills wrote:
> >
> > Guys,
> >
> > I'm sure you know the NTP client will coast happily onward with
> > configured delay if its client packets are not answered. There is at
> > present no way to disable the calibration/cryptographic volley.
> >
> > The original motivation behind the volley was the surprising observation
> > that the multicast Internet path could be wildly different than the
> > unicast path, especially when satellite hops are involved. The scheme is
> > designed to avoid the error, which can be as large as 540 ms. A second
> > motivation is cryptographic authentication, which requires an exchange
> > of certificates and identity values.
> >
> > It would not be hard to add a configuration wrinkle to disable the
> > volley; however, I question the need to do this, especially when strong
> > authentication is involved. I consider that absolutely necessary in any
> > public deployment.
> 
> I have in mind a situation where it's important that there be no path
> from a more trusted network to a less trusted one. A single one-way
> optical fibre fulfils that requirement admirably, and in a LAN
> environment time delays are not important.
> --
> dave
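The arrangement dave describes (a one-way fibre from the trusted network to the less-trusted one, with the broadcast client unable to send anything back) written out as a pair of ntpd configuration fragments. This is an added example and not part of either message; the addresses, key file, key number and the `broadcastdelay` value are assumptions, and the delay must be measured for the real link rather than copied.

```conf
# --- Server side (more-trusted network): send authenticated broadcast packets.
# Added example; addresses and key IDs are assumed, not taken from the thread.
keys /etc/ntp.keys          # e.g. "1 MD5 <shared-secret>", also installed on the client
trustedkey 1
broadcast 192.168.10.255 key 1
# The fibre itself guarantees that nothing from the less-trusted side can reach
# this host; ntpd needs no special setting to enforce the one-way property.

# --- Client side (less-trusted network): receive only, never able to reply.
keys /etc/ntp.keys
trustedkey 1
broadcastclient
# With no reverse path the calibration volley (client-mode packets sent to the
# server to measure the round-trip delay) is never answered, so ntpd falls back
# to this configured one-way delay. ntpd's documented default is 4 ms; on a LAN
# the true value is of that order and, as dave notes, not critical.
broadcastdelay 0.004
# Accept packets only from the broadcast server and the local ntpq; the client
# must not act as a server or accept configuration from anyone.
restrict default ignore
restrict 127.0.0.1
restrict 192.168.10.1 nomodify notrap   # assumed address of the broadcast server
```

Symmetric-key authentication is the reason this works without a reverse link: the MD5 key is shared out of band, so the broadcast packets are authenticated without the certificate and identity exchange that Mills refers to, which needs the client to talk back. The only thing lost is the measured delay, which `broadcastdelay` replaces.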
