[ntp:questions] IFF autokey issue
kostecke at ntp.isc.org
Mon May 7 19:29:47 UTC 2007
On 2007-05-07, Vladimir Smotlacha <vs at cesnet.cz> wrote:
> I setup up an IFF identity scheme at my labs NTP server and client.
> I did it exactly according to available documentation and it worked O.K.
> However, I tried it once more with new keys and certficates but without
> copying IFF parameters to the client (i.e. the client did not know IFF
> parameters). I expected that the authentication fails but it was
> successful again.
The Trusted Certificate (TC) Identity Scheme was being used because you
generated trusted host parameters (with '-T') on the server,
> It seems that the client acts the same way as in previous case.
Because the authentication was successful.
> Should there be observed a difference in client behavior in both
The only difference that you will see is in the flags for that
association on the client end.
> What profit has client from knowledge of the IFF params and key?
I'll let someone else answer that.
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
More information about the questions