[ntp:questions] IFF autokey issue

Steve Kostecke kostecke at ntp.isc.org
Tue May 8 13:03:09 UTC 2007

On 2007-05-08, Garrett Wollman <wollman at bimajority.org> wrote:

> Steve Kostecke <kostecke at ntp.isc.org> wrote:
>>What has happened is that Vladimir has discovered the fact that Autokey
>>will "degrade" to TC in the event that parameters for no other
>>Identity Scheme are present. So he is asking "what's the point" of IFF
>>(and, by extension, GQ and MV) if the Authentication will succeed just
>>on the strength of the host parameters.
> So lemme get this straight... I can configure my NTP servers so that
> any autokey-using client will believe they are authentic, based solely
> on a bit that was set in an unauthentic certificate?

I'm not sure why you would consider the server's trusted host parameters
to be "unauthentic".

NTP Authentication, which can use Autokey or symmetric keys, provides a
means of authenticating the server _to_ the client. A server operator
may choose to support a particular Identity Scheme (e.g. IFF), but it is up
to the client to choose to use that scheme or just TC or just accept the
NTP packets without authentication.

The Autokey Protocol and the TC scheme are documented at:

The other Identity Schemes in the Reference Implementation are
documented at: http://www.eecis.udel.edu/~mills/ident.html

You may wish to review the documentation before passing judgment.

Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
