[ntp:hackers] Normative reference for MD5 authentication on NTPv3?

Andrew Bartlett abartlet at samba.org
Mon Jun 30 03:58:06 UTC 2008


On Sun, 2008-06-29 at 14:36 -0400, Danny Mayer wrote:
> Andrew Bartlett wrote:
> > I've been trying (and failing) to get Microsoft to realise that their
> > 'MS-SNTP' authentication extensions conflict with the MD5 authentication
> > (with static keys or with autokey) found in the NTP code.
> > 
> > However, I've had trouble convincing the poor brute tasked with fending
> > off my questions that a world exists outside Microsoft.  Is there a
> > document describing these extensions, as used in NTPv3, that I can point
> > them at?  They seem unable or unwilling to actually read code. 
> > 
> > Thanks,
> > 
> > Andrew Bartlett
> 
> For V3, no. While there was a version of Autokey that may have worked 
> with V3 it really postdates RFC 1305 and its SNTP brethren. The only 
> other keys are the symmetric keys and I don't remember if it was in the 
> RFC 1305 document. I'm pretty sure none of the SNTP RFC's even deal with 
> extensions. So except for what's in the current NTPv4 and Autokey 
> drafts, no.

MD5 with symmetric keys seems not to be in the RFC 1305, which is why
Micorsoft claims not to have stepped on anybodies toes with their NTPv3
authentication schema.  Sadly this leaves me without anything much to
wave at Microsoft (other than source code, which they refuse to read!). 

Thanks anyway,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ntp.org/pipermail/hackers/attachments/20080630/47e54315/attachment.bin 


More information about the hackers mailing list