[ntp:questions] IFF autokey issue

David L. Mills mills at udel.edu
Fri May 11 01:29:56 UTC 2007


That's why the identity schemes are provided. See the Autokey protocol 
on the NTP project page and links from there. See 

While it is assumed the trusted host has both the trusted (self-signed) 
certificate and identity keys and a secure way to retrieve the encrypted 
keys, it is possible in principle, just like a conventional CA, to 
infiltrate a legitimate CA and assume its identity.


Garrett Wollman wrote:
> In article <slrnf41h14.te9.kostecke at stasis.kostecke.net>,
> Steve Kostecke  <kostecke at ntp.isc.org> wrote:
>>There is no Central Scrutinizer who decrees whether or not a server is
>>"authentic" or "trusted".
>>The entity generating the host parameters marks them as trusted by using
>>the '-T' switch during the generation process.
> It is not up to the server operator whether clients should believe
> some random self-signed "certificate" proffered by a server (or
> someone masquerading as a server).
> -GAWollman
