[ntp:hackers] Normative reference for MD5 authentication on NTPv3?

Danny Mayer mayer at ntp.isc.org
Mon Jun 30 11:52:23 UTC 2008


Andrew Bartlett wrote:
> On Sun, 2008-06-29 at 14:36 -0400, Danny Mayer wrote:
>> Andrew Bartlett wrote:
>>> I've been trying (and failing) to get Microsoft to realise that their
>>> 'MS-SNTP' authentication extensions conflict with the MD5 authentication
>>> (with static keys or with autokey) found in the NTP code.
>>>
>>> However, I've had trouble convincing the poor brute tasked with fending
>>> off my questions that a world exists outside Microsoft.  Is there a
>>> document describing these extensions, as used in NTPv3, that I can point
>>> them at?  They seem unable or unwilling to actually read code. 
>>>
>>> Thanks,
>>>
>>> Andrew Bartlett
>> For V3, no. While there was a version of Autokey that may have worked 
>> with V3 it really postdates RFC 1305 and its SNTP brethren. The only 
>> other keys are the symmetric keys and I don't remember if it was in the 
>> RFC 1305 document. I'm pretty sure none of the SNTP RFC's even deal with 
>> extensions. So except for what's in the current NTPv4 and Autokey 
>> drafts, no.
> 
> MD5 with symmetric keys seems not to be in the RFC 1305, which is why
> Micorsoft claims not to have stepped on anybodies toes with their NTPv3
> authentication schema.  Sadly this leaves me without anything much to
> wave at Microsoft (other than source code, which they refuse to read!). 
> 

Just as well. I'm not sure how well documented the code is. Dave will 
have some documentation in his ntp documentation area.

You can send them the NTPv4 draft. If they have objections, then they 
need to speak now before it goes through WGLC.

Danny


More information about the hackers mailing list