[ntp:questions] Re: AutoKey protocol question

Richard B. Gilbert rgilbert88 at comcast.net
Mon Jan 10 16:17:30 UTC 2005


Eldar, Dori wrote:

>couple of Newbie questions:
> 
>1. How does the Server Certificate validation performed by NTP clients,
>differ from standard PKI certificate validation defined in RFC 2459 ?
>Specifically the AutoKey Protocol draft dated Aug 2003, briefly mentions
>the Certificate's Validity  Period field in Appendix G. and refers the
>reader to Appendix E. for additional information, I did not find any
>relevant information in this Appendix describing the content of this
>field. 
> 
>2. My main question is the following: If an NTP client has no notion of
>the current time, how can the client validate an NTP server certificate
>validity period? Is the intent to simply ignore this field when
>validating certificates?
> 
>Thanks In Advance
> Dori  
>  
>
An NTP client should have some notion of the correct time!  If your 
clock is more than a minute or two off, you should set it from your 
wrist watch or cell phone before starting ntpd.



More information about the questions mailing list