[ntp:questions] NTP autokey and the "private certificate" scheme
David L. Mills
mills at udel.edu
Tue Dec 19 21:40:14 UTC 2017
Stephane lasagni wrote:
>I apologize in advance if my questions further below seem basic to some of you: I am very new to NTP and Cybersecurity (a whole new world for me!). I am trying to work out out NTP autokey works when using the “private certificate” scheme, I thought you might be able to help me to understand it better. I know this scheme is not recommended by RFC 5906 (only for testing purposes). However in my application, this scheme could be appropriate. I think I understood how the other schemes (TC, IFF,..) worked but for some reasons I’m struggling to understand the “private certificate” scheme. I have the following questions (which I numbered to make the reading easier):
>1. I understand the “private certificate” scheme is not recommended for general use (only for testing and development) only because, with this scheme, it is difficult to renew the certificate for all hosts in a secure way, is it correct?
>I understand that the TA (Trusted Authority) generates this private certificate off-line (signed by the TA) and provides it in a secure way to all hosts of the NTP group but what I am struggling to understand is what this private certificate contains exactly and how it is used:
>2. Does the private certificate replace the self-signed certificate which is generated by each host at the beginning of the protocol? ie each host knows they can use the public key in that certificate (and the associated private key : see question 3) for the cookie encryption/de-encryption, etc..?
>3. If answer to question 2 is yes, does it mean that, in addition with the certificate, the TA has to provide each host with the associated private key which goes with the public key of the certificate?
>4. If answer to question 3 is no, does it mean each host has 2 certificates: the self-signed non-trusted certificate generated at the beginning of protocol + the private certificate? How the private certificate is then used exactly?
>5. From RFC 5906, I understand that in case the private certificate scheme is used, then the certificate trail and the identification steps are not necessary. What about the SIGN exchange? The SIGN exchange only has sense with a non-trusted self-signed certificate so this brings me back to the previous questions
>6. Last question (beginner lever I think...sorry!) and I am sure I probably forgot some 😊: what does this private certificate contain in terms of subject name (the issuer is clearly the TA but is the subject name exactly the same for all hosts, ie the certificate is identical for all hosts? maybe it does not matter?) and how long is it valid for (1 year by default I guess which makes this scheme difficult to use in practice for the reasons given above?)?
>Thank you very much in advance for your help!
> Best regards
>questions mailing list
>questions at lists.ntp.org
Golly. You are the first person in 20 years to have asked about the
private certificate scheme. Frankly, I don't remember all the tiny
details you mentioned. However, the Autokey scheme is about to be
replaced by new security proposals, so it is probably better to wait
until the dust clears.
More information about the questions