[ntp:questions] Re: NTP over multicast sat link with no return channel

Danny Mayer mayer at ntp.isc.org
Tue Apr 11 02:41:10 UTC 2006


Harlan Stenn wrote:
> I could be wrong.
> 
> I believe the 'auth' for broadcast is private key auth; it would require that
> key number N have the same value in the ntp.keys file on your server and on
> your clients.
> 

You're right, you are wrong! :) We use autokey on the UDel flock and it
works fine with broadcast and multicast.

> Without auth, BadGuy can send time to your clients and you risk having the
> client machines believe the BadGuy.
> 

Yes, this is a risk. The problem that I was trying to address is the
inherent asymmetry in the network. If you had a way of getting an
approximate measure of the asymmetry you could adjust for it, but there
is no easy way of deciding this unless you have another time source
which does not have this asymmetry and use the difference between the
two sources to apply an adjustment. I forget how you do that.

Danny
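
Added example, not part of the original message or of ntpd: a Python sketch of the adjustment described above, estimating the asymmetry bias as the median difference between offsets measured over the asymmetric path and offsets from a second source with a symmetric path. The delays, jitter values, function names, and the assumptions that a two-way exchange is possible and that both sources agree on the time are all constructed for illustration.

```python
from statistics import median

def ntp_offset(t1, t2, t3, t4):
    """Standard NTP on-wire offset: ((T2 - T1) + (T3 - T4)) / 2."""
    return ((t2 - t1) + (t3 - t4)) / 2.0

def exchange(t1, true_offset, d_out, d_back, proc=0.0005):
    """Build the four timestamps of one exchange (simulation helper).
    true_offset = server clock minus client clock, in seconds."""
    t2 = t1 + d_out + true_offset    # server receive, server clock
    t3 = t2 + proc                   # server transmit, server clock
    t4 = t3 - true_offset + d_back   # client receive, client clock
    return t1, t2, t3, t4

def asymmetry_bias(asym_offsets, ref_offsets):
    """The measured offset is wrong by (d_out - d_back) / 2 on an asymmetric
    path. Paired differences against a symmetric reference estimate that
    term; the median discards the occasional delay spike."""
    return median(a - r for a, r in zip(asym_offsets, ref_offsets))

# Constructed sample data (seconds).
TRUE_OFFSET = 0.012
D_OUT, D_BACK = 0.020, 0.270                   # terrestrial up, satellite down
SAT_JITTER = [0.0, 0.002, -0.001, 0.040, 0.001]  # fourth sample is a spike
D_REF = 0.015                                  # symmetric reference path

def run_demo():
    asym, ref = [], []
    for i, jitter in enumerate(SAT_JITTER):
        t1 = 1000.0 + 64 * i
        asym.append(ntp_offset(*exchange(t1, TRUE_OFFSET, D_OUT, D_BACK + jitter)))
        ref.append(ntp_offset(*exchange(t1, TRUE_OFFSET, D_REF, D_REF)))
    bias = asymmetry_bias(asym, ref)
    corrected = [a - bias for a in asym]
    return asym, bias, corrected

if __name__ == "__main__":
    asym, bias, corrected = run_demo()
    print(f"raw offset over asymmetric path: {asym[0]:+.4f} s")
    print(f"estimated asymmetry bias:        {bias:+.4f} s")
    print(f"corrected offset:                {corrected[0]:+.4f} s")
```
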
