[ntp:questions] Better explanation of NTP public-key authentication?

Garrett Wollman wollman at khavrinen.csail.mit.edu
Fri Jul 15 21:33:13 UTC 2005


I just spent the last half hour or so looking at the description of
the public-key authentication scheme (or is it schemes?) used by
version 4 of the Reference Implementation of NTP, on ntp.org.
Unfortunately, this documentation seems to range in quality from
"bizarre" to "unintelligible", and the behavior of the "ntp-keygen"
program does not make it clearer.

The question is: is there any better documentation, from which I would
be able to discern whether NTP public-key authentication truly is that
bizarre (and, if I have vaguely understood what I read, entirely
broken with respect to PKI) or simply poorly documented?

(I'm not a complete idiot where PKI stuff is concerned, having written
two CA implementations, but I'm barely able to make head or tail of
the "official" documentation.  The FAQ seems to just regurgitate the
command lines from the official documents without any sort of
explanation at all.)

-GAWollman

-- 
Garrett A. Wollman    | As the Constitution endures, persons in every
wollman at csail.mit.edu | generation can invoke its principles in their own
Opinions not those    | search for greater freedom.
of MIT or CSAIL.      | - A. Kennedy, Lawrence v. Texas, 539 U.S. 558 (2003)
