[ntp:questions] Re: AutoKey protocol question
David L. Mills
mills at udel.edu
Tue Jan 11 03:54:57 UTC 2005
The security model is much tighter than that. There is the notion of
file system time, where each file has a proventic filestamp. Proventic
filestamps can be struck only when the host is known to have the correct
time as per NTP. Don't ask at the moment how this happens when the host
is started for the first time.
Filestamps are required to satisfy a partial order relation and the
protocol will preserve and extend the relation. Ordinary timestamps on
the other hand do not. So, a client coming up with dirty rotten time
cannot trust its filestamps until the clock is set. This causes a lot of
little tricky time comparison issues that you have probably already
found in one of the appendices.
By the way, certificate times are significant only for the actual
signing operation. If a server is found with an expired certificate, but
is never asked to sign anything, it works. In other words, if NIST
servers had expired certificates, their stratum-2 clients would not
care. In some of the protocol variants the server is not asked to sign
anything, so the certificate becomes simply a host name link. However,
the expired certificate is usually caught because a client wishing to
itself become a server asks its server to sign its own certificate and
this does provoke an error.
Richard B. Gilbert wrote:
> Eldar, Dori wrote:
>> couple of Newbie questions:
>> 1. How does the Server Certificate validation performed by NTP clients
>> differ from standard PKI certificate validation defined in RFC 2459?
>> Specifically the AutoKey Protocol draft dated Aug 2003, briefly mentions
>> the Certificate's Validity Period field in Appendix G. and refers the
>> reader to Appendix E. for additional information, I did not find any
>> relevant information in this Appendix describing the content of this
>> 2. My main question is the following: If an NTP client has no notion of
>> the current time, how can the client validate an NTP server certificate
>> validity period? Is the intent to simply ignore this field when
>> validating certificates?
>> Thanks In Advance
> An NTP client should have some notion of the correct time! If your
> clock is more than a minute or two off, you should set it from your
> wrist watch or cell phone before starting ntpd.
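The two points Mills makes above, that filestamps are untrusted until the clock is set and must never run backwards, and that a certificate's validity period is consulted only when the certificate is used to sign, can be modelled in a few lines. The following is an added illustration written for this page; it is not ntpd or Autokey code, and the `Host`, `Certificate` and `sign_with` names, the integer stamps and the hash-based stand-in signature are all constructed for the example.

```python
"""Toy model of two Autokey ideas from the post above (constructed
illustration, not ntpd code): filestamps are trusted and struck only once
the clock is set and must extend, never reverse, the existing order; the
certificate validity period matters only at signing time."""

import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Certificate:
    subject: str      # host name the certificate links to
    not_before: int   # validity window as constructed integer seconds
    not_after: int


class ClockNotSynced(Exception):
    """Raised when a filestamp operation is attempted with untrusted time."""


class OrderViolation(Exception):
    """Raised when a new filestamp would run backwards relative to the old one."""


class CertExpired(Exception):
    """Raised only by the signing path, never by a plain host-name lookup."""


class Host:
    def __init__(self, name: str) -> None:
        self.name = name
        self.now: Optional[int] = None       # None models "dirty rotten time"
        self.files: Dict[str, int] = {}      # file name -> filestamp

    def set_clock(self, now: int) -> None:
        """The clock is set by NTP; only after this are filestamps trusted."""
        self.now = now

    def strike_filestamp(self, name: str) -> int:
        """Strike a proventic filestamp on a locally generated file."""
        if self.now is None:
            raise ClockNotSynced(f"{self.name}: clock not set, cannot strike stamp")
        prev = self.files.get(name)
        if prev is not None and self.now < prev:
            raise OrderViolation(f"{name}: new stamp {self.now} precedes {prev}")
        self.files[name] = self.now
        return self.now

    def accept_file(self, name: str, stamp: int) -> bool:
        """Accept a file received from a peer only when our own clock is set
        and the stamp extends what we already hold; stale copies are dropped."""
        if self.now is None:
            raise ClockNotSynced(f"{self.name}: cannot compare stamps yet")
        prev = self.files.get(name)
        if prev is not None and stamp <= prev:
            return False
        self.files[name] = stamp
        return True


def link_host(cert: Certificate) -> str:
    """Using the certificate only as a host-name link: dates are not consulted."""
    return cert.subject


def sign_with(cert: Certificate, now: int, payload: bytes) -> str:
    """Signing is the one operation that enforces the validity period.
    The returned value is a hash-based stand-in for a real signature."""
    if not (cert.not_before <= now <= cert.not_after):
        raise CertExpired(f"{cert.subject}: not valid at {now}")
    return hashlib.sha256(f"{cert.subject}:{now}:".encode() + payload).hexdigest()


if __name__ == "__main__":
    client = Host("client")
    client.set_clock(1000)
    print(client.strike_filestamp("host.crt"))          # 1000
    print(client.accept_file("host.crt", 900))          # False: would reverse order
    cert = Certificate("server.example", 500, 999)
    print(link_host(cert))                              # works despite expiry
    try:
        sign_with(cert, 1000, b"data")
    except CertExpired as exc:
        print("signing refused:", exc)
```

Run as a script it walks through the cases in the post: an unset clock refuses to strike or compare stamps, a stale stamp is rejected, and the expired certificate still serves as a host-name link but is refused for signing.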