[ntp:questions] IFF autokey issue
David L. Mills
mills at udel.edu
Fri May 11 01:29:56 UTC 2007
That's why the identity schemes are provided. See the Autokey protocol
on the NTP project page and links from there. See
While it is assumed the trusted host has both the trusted (self-signed)
certificate and identity keys and a secure way to retrieve the encrypted
keys, it is possible in principle, just like a conventional CA, to
infiltrate a legitimate CA and assume its identity.
Garrett Wollman wrote:
> In article <slrnf41h14.te9.kostecke at stasis.kostecke.net>,
> Steve Kostecke <kostecke at ntp.isc.org> wrote:
>>There is no Central Scrutinizer who decrees whether or not a server is
>>"authentic" or "trusted".
>>The entity generating the host parameters marks them as trusted by using
>>the '-T' switch during the generation process.
> It is not up to the server operator whether clients should believe
> some random self-signed "certificate" proffered by a server (or
> someone masquerading as a server).