[ntp:questions] Re: server's address in ntp payload?

Danny Mayer mayer at gis.net
Tue Nov 22 14:24:43 UTC 2005


Brian Utterback wrote:
> Danny Mayer wrote:
> 
>> David Schwartz wrote:
>>
>>> "Danny Mayer" <mayer at gis.net> wrote in message
>>> news:437D4371.2090004 at gis.net...
>>>
>>>> No it is not a flaw in the protocol design. It would be if it were put
>>>> in. The address doesn't belong there, it belongs in the IP header which
>>>> the receiving server always gets.
>>>
>>>    It is a flaw. Its absence requires the receiver to assume that the
>>> origin address of the UDP packet received is the IP address of the
>>> sending server. This assumption may or may not be correct. But if the
>>> address were in there, the assumption would not be needed.
>>>
>>
>>
>> Absolutely not. That would be a layering violation. Verification is done
>> through key exchange and the MAC section in the NTP packet.
> 
> 
> If that is a layering violation, then why do you need to know both the
> source and destination address of each NTP packet to authenticate it?
> 

I refer you to the autokey protocol.

Danny
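
The two mechanisms named in this thread, as an added example that is not part of the original post: the symmetric-key MAC is an MD5 digest over the key and the NTP header only, while the Autokey session key (as specified in RFC 5906) hashes the source and destination IP addresses together with the key ID and cookie. The key table, key value, addresses, cookie and packet below are constructed for illustration, and extension fields are not handled.

```python
import hashlib
import hmac
import ipaddress
import struct

HEADER_LEN = 48  # fixed NTP header; key ID (4 bytes) + MD5 digest (16) follow

def symmetric_digest(key, header):
    """Symmetric-key NTP digest: MD5(key || header). No IP address involved."""
    return hashlib.md5(key + header).digest()

def verify_packet(packet, keys):
    """Verify the trailing MAC of an NTP packet without extension fields."""
    if len(packet) != HEADER_LEN + 20:
        return False  # unauthenticated, truncated, or carries extension fields
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key = keys.get(struct.unpack("!I", mac[:4])[0])
    if key is None:
        return False  # key ID not in the local key table
    return hmac.compare_digest(symmetric_digest(key, header), mac[4:])

def autokey_session_key(src, dst, key_id, cookie):
    """Autokey session key: MD5(src IP || dst IP || key ID || cookie)."""
    addrs = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return hashlib.md5(addrs + struct.pack("!II", key_id, cookie)).digest()

# Constructed sample: server-mode header (LI=0, VN=4, mode=4), stratum 2,
# poll 6, precision -20, remaining fields zeroed; the key table is made up.
KEYS = {7: b"constructed-secret"}
HEADER = struct.pack("!BBBb", 0x24, 2, 6, -20) + bytes(44)
PACKET = HEADER + struct.pack("!I", 7) + symmetric_digest(KEYS[7], HEADER)

if __name__ == "__main__":
    print("symmetric MAC valid:", verify_packet(PACKET, KEYS))
    k1 = autokey_session_key("192.0.2.1", "192.0.2.2", 7, 0x1234)
    k2 = autokey_session_key("198.51.100.9", "192.0.2.2", 7, 0x1234)
    print("autokey key changes with source address:", k1 != k2)
```

`verify_packet` takes no address argument, so its result is the same whichever source address delivered the datagram; the Autokey key differs as soon as either address changes.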





