[ntp:questions] IFF autokey issue
mills at udel.edu
mills at udel.edu
Wed May 9 14:23:04 UTC 2007
Garrett,
You are misinformed. See the briefings on the NTP project page.
Dave
Garrett Wollman wrote:
> In article <slrnf3v85q.2gr.kostecke at stasis.kostecke.net>,
> Steve Kostecke <kostecke at ntp.isc.org> wrote:
>
>
>>What has happened is that Vladimir has discovered the fact the Autokey
>>will "degrade" to TC in the event that parameters for no other Identity
>>Scheme are present. So he is asking "what's the point" of IFF (and, by
>>extension, GQ and MV) if the Authentication will succeed just on the
>>strength of the host parameters.
>
>
> Say what?
>
> So lemme get this straight... I can configure my NTP servers so that
> any autokey-using client will believe they are authentic, based solely
> on a bit that was set in an unauthentic certificate?
>
> That's even more broken than I thought.
>
> -GAWollman
>
More information about the questions
mailing list