[ntp:questions] Re: NTP sync

David L. Mills mills at udel.edu
Thu Oct 2 01:17:18 UTC 2003


Roger,

I don't have a good answer for you. If you run IPSEC VPN tunnels, you
are at the mercy of the encaspsulation and VPN jitter, whatever that may
be. The NTP security model, either symmetric or public key is not a
factor.

The more general challenge is to provide hard-rock security in cases
where you don't have the luxury of tunnels between trusted provider and
naive consumers, exactly the case with public time servers. Not that I
would recommend it in your case, but let's assume your only time sources
are public time servers operating in the clear outside firewalls. You
could redistribute using the tunnels, of course, but you are stuck with
that first hop. This is the scenario I had in mind for the NTP public
key security model. Your tunnels don't need it and you should avoid it.

Dave

Roger wrote:
> 
[content deleted due fascist news system]



More information about the questions mailing list