[ntp:questions] Re: AutoKey protocol question

David L. Mills mills at udel.edu
Tue Jan 11 03:54:57 UTC 2005


The security model is much tighter than that. There is the notion of 
file system time, where each file has a proventic filestamp. Proventic 
filestamps can be struck only when the host is known to have the correct 
time as per NTP. Don't ask at the moment how this happens when the host 
is started for the first time.

Filestamps are required to satisfy a partial order relation and the 
protocol will preserve and extend the relation. Ordinary timestamps on 
the other hand do not. So, a client coming up with dirty rotten time 
cannot trust its filestamps until the clock is set. This causes a lot of 
little tricky time comparison issues that you have probably already 
found in one of the appendices.

By the way, certificate times are significant only for the actual 
signing operation. If a server is found with an expired certificate, but 
is never asked to sign anything, it works. In other words, if NIST 
servers had expired certificates, their stratum-2 clients would not 
care. In some of the protocol variants the server is not asked to sign 
anything, so the certificate becomes simply a host name link. However, 
the expired certificate is usually caught because a client wishing to 
itself become a server asks its server to sign its own certificate and 
this does provoke an error.


Richard B. Gilbert wrote:

> Eldar, Dori wrote:
>> couple of Newbie questions:
>> 1. How does the Server Certificate validation performed by NTP clients,
>> differ from standard PKI certificate validation defined in RFC 2459 ?
>> Specifically the AutoKey Protocol draft dated Aug 2003, briefly mentions
>> the Certificate's Validity  Period field in Appendix G. and refers the
>> reader to Appendix E. for additional information, I did not find any
>> relevant information in this Appendix describing the content of this
>> field.
>> 2. My main question is the following: If an NTP client has no notion of
>> the current time, how can the client validate an NTP server certificate
>> validity period? Is the intent to simply ignore this field when
>> validating certificates?
>> Thanks In Advance
>> Dori   
> An NTP client should have some notion of the correct time!  If your 
> clock is more than a minute or two off, you should set it from your 
> wrist watch or cell phone before starting ntpd.
