[ntp:questions] IFF autokey issue

Steve Kostecke kostecke at ntp.isc.org
Mon May 7 19:29:47 UTC 2007

On 2007-05-07, Vladimir Smotlacha <vs at cesnet.cz> wrote:

> I setup up an IFF identity scheme  at my labs NTP server and client.
> I did it exactly according to available documentation and it worked O.K.
> However, I tried it once more with new keys and certficates but without
> copying IFF parameters to the client (i.e. the client did not know IFF
> parameters). I expected that the authentication fails but it was
> successful again.

The Trusted Certificate (TC) Identity Scheme was being used because you
generated trusted host parameters (with '-T') on the server,

> It seems that the client acts the same way as in previous case.

Because the authentication was successful.

> Should there be observed a difference in client behavior in both
> cases?

The only difference that you will see is in the flags for that
association on the client end.

> What profit has client from knowledge of the IFF params and key?

I'll let someone else answer that.

Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/

More information about the questions mailing list