[ntp:questions] Re: Secure W32Time

Richard B. Gilbert rgilbert88 at comcast.net
Mon Mar 20 23:28:58 UTC 2006

news.telenet.be wrote:
> Dear Dr. Mills
> I installed the NTP version 4.2.0 from the meinberg.de website. This Time 
> syncronization service works fine on a test server. Thank you David for your 
> reply.
> Unfortunatly, I didn't find information about the configuration of a secure 
> connection to the public time servers with ESP, AH or MD5. You suggest on 
> the website of the University of Delaware to use the Autokey security 
> Architecture, Protocol and Algorithms 
> (http://www.eecis.udel.edu/~mills/database/reports/stime1/stime.pdf).
> But I'm a bit confused about Autokey! How do I use this application with the 
> NTP version 4.2.0 for Windows to transmit secure NTP requests to the public 
> time servers? Where can I find this application?
> Best regards,
> Patrice

I think you may misunderstand Autokey security.

All Autokey, or any of the other encryption systems does for you, is to 
authenticate the server to the client.  It gives you some assurance that 
the server sending the packet really is who he claims to be.  The packet 
has an encrypted signature.  Anybody can read the request packet and 
anybody can read the reply packet.  After all, there is nothing secret 
about the correct time, your IP address, the server's IP address, etc.

More information about the questions mailing list