[ntp:questions] pool.ntp.org and authentication

Miroslav Lichvar mlichvar at redhat.com
Tue Dec 16 09:32:54 UTC 2014

On Tue, Dec 16, 2014 at 05:43:59AM +0000, Harlan Stenn wrote:
> d_anderson writes:
> > Thanks! I quickly skimmed through the document, and I think I am
> > asking the wrong questions..
> I've been trying to think of good reasons to authenticate pool servers
> and I haven't come up with any good ones yet.

Protection against MITM attacks?

Of course, with a public pool like pool.ntp.org an attacker could join
it with a number of his NTP servers, get their certificates signed and
serve whatever he wants, no need for a MITM. Even if DNS was secure
and all clients were configured to use four pool servers, the pool DNS
server would not likely be able to prevent some clients getting three
bad servers outvoting the fourth server.

But I think it would still be a significant improvement in security.
The NTS draft says the scheme is not applicable to pools. I'm
wondering what would be needed to make it applicable.

Miroslav Lichvar

More information about the questions mailing list