[ntp:questions] Re: NTP sync
David L. Mills
mills at udel.edu
Tue Sep 23 16:43:52 UTC 2003
Indeed I spent a good deal of time worrying about the chicken and egg
problem in ad hoc networks, especially the Mars Internet segment of the
Interplanetary Internet. The proto-rfc on NTP security model and Autokey
protocol (see www.eecis.udel.edu/~mills/reports.html) hammers these
issues in brain-numbing detail. One conclusion is that time
synchronization must be the first service to bring up once network
transport and routing are running. You can't do anything else until
certificates and signatures are verified, and thus the synchronization
and cryptographic authentication must be bundled together. And, all this
must be managed in an environment where terrorists are flooding replays
and bogons and middlemen.
Once upon a time the time and routing functions were combined in a
single algorithm called Hellospeak. This may well again be the case for
Michael Sierchio wrote:
> Brad Knowles wrote:
> > So, what if you're on a wireless network, and the only way to get
> > anywhere at all is over an IPSec tunnel?
> How do ISAKMP messages get through? UDP traffic on port 500
> isn't tunneled. How would NTP traffic get through? An exercise
> left to the reader.
> Another thing -- if you regard NTP to be a critical service, and
> are concerned with security and avoiding potential threats, it's
> better for any number of reasons to use the built-in auth methods.
> How, for example, does an application running on a host verify that
> a VPN tunnel is in force? It can't. Validating messages makes
> sense, all the more so because NTP uses UDP.
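An added example, not part of the original thread, of the built-in symmetric-key authentication Michael refers to: it builds an NTPv4 client packet, appends the MAC ntpd's symmetric-key method uses (a 32-bit key ID followed by the MD5 digest over the shared key concatenated with the packet), and verifies it on the receiving side. The key ID, key bytes and timestamp are constructed for the demo; the real shared secret would come from ntp.keys.

```python
import hashlib
import hmac
import struct

# Constructed demo key material (not from the original post): in ntpd this
# mapping comes from the ntp.keys file referenced by the "keys" directive.
KEY_ID = 10
KEYS = {KEY_ID: b"example-secret-key"}

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def ntp_timestamp(unix_seconds):
    """Encode Unix time as a 64-bit NTP timestamp (32.32 fixed point since 1900)."""
    secs = int(unix_seconds) + NTP_EPOCH_OFFSET
    frac = int((unix_seconds - int(unix_seconds)) * (1 << 32))
    return struct.pack("!II", secs & 0xFFFFFFFF, frac & 0xFFFFFFFF)

def build_client_packet(unix_seconds):
    """48-byte NTPv4 client request (LI=0, VN=4, Mode=3) with only the transmit timestamp set."""
    first = (0 << 6) | (4 << 3) | 3
    header = struct.pack("!BBbb", first, 0, 0, 0)   # LI/VN/Mode, stratum, poll, precision
    header += struct.pack("!II", 0, 0)               # root delay, root dispersion
    header += b"\x00" * 4                            # reference ID
    header += b"\x00" * 24                           # reference, origin, receive timestamps
    header += ntp_timestamp(unix_seconds)            # transmit timestamp (bytes 40..47)
    return header

def mac_for(packet, key_id, keys):
    """Symmetric-key MAC as ntpd computes it: key ID || MD5(key || packet)."""
    digest = hashlib.md5(keys[key_id] + packet).digest()
    return struct.pack("!I", key_id) + digest

def verify(auth_packet, keys):
    """Split off the 20-byte MD5 MAC, recompute it with the named key, compare in constant time."""
    if len(auth_packet) < 48 + 20:
        return False
    body, mac = auth_packet[:-20], auth_packet[-20:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in keys:          # unknown or untrusted key ID: reject
        return False
    return hmac.compare_digest(mac_for(body, key_id, keys), mac)

if __name__ == "__main__":
    pkt = build_client_packet(1064335432.0)
    signed = pkt + mac_for(pkt, KEY_ID, KEYS)
    print("valid:", verify(signed, KEYS))
```

The MAC binds the packet to the shared key but says nothing about freshness; replay resistance in NTP comes from the origin-timestamp check on the exchange, which is why the two have to work together.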