[ntp:questions] Re: server's address in ntp payload?

David Schwartz davids at webmaster.com
Sun Nov 27 21:43:47 UTC 2005

"Danny Mayer" <mayer at ntp.isc.org> wrote in message 
news:43891275.6060702 at ntp.isc.org...

> David Schwartz wrote:

>>     I think using the IP addresses in the crypto code is pretty 
>> bone-headed
>> anyway, assuming you rely on it in any way.

    Note the "assuming you rely on it in any way"?

>> You should use a public key
>> identifier, not an IP address. Using it as quick 'which endpoint *might* 
>> I
>> be talking to' or '*might* this be from the same host I was talking to
>> before' is fine. But you should never rely on it.

> I'm not going to respond to the rest of this as the two of you have
> gotten way off topic. The newsgroup is about NTP and not UDP.

    Once an erroneous statement is made in public, it needs to be corrected. 
Especially one that people might rely upon to their serious harm.

> The above makes a basic erroneous assumption aout how autokey works.

    The above is not about how autokey works. That's why I said things like 
"assuming you rely on it any way".

> It
> doesn't work the way you think.

    It does work the way I think. I am not saying there is any defect in the 
autokey protocol.

> The IP Addresses are just two
> ingredients in creating the protocol, not the only ones. You really need
> to read how it works before you criticize what it uses.

    You could replace the IP address with a randomly-chosen 32-bit seed on 
each side and the defense against MIM-attacks would not get any weaker or 
stronger. The claim that you can use IP addresses to protect (or help 
protect) against MIM-attacks is a dangerous falsehood. This is true for 
autokey or any other protocol.

    It has nothing to do with how autokey works. It's this simple -- the MIM 
controls the IP addresses, so they are of no use to protect against the MIM.


More information about the questions mailing list