[ntp:questions] Secure NTP

jimp at specsol.spam.sux.com jimp at specsol.spam.sux.com
Fri Mar 25 05:03:34 UTC 2011


Steve Kostecke <kostecke at ntp.org> wrote:
> On 2011-03-25, jimp at specsol.spam.sux.com <jimp at specsol.spam.sux.com>
> wrote:
> 
>> Chris Albertson <albertson.chris at gmail.com> wrote:
>>
>>> On Thu, Mar 24, 2011 at 2:26 PM, <jimp at specsol.spam.sux.com> wrote:
>>>
>>>
>>>> When I see questions like this my first response is "Why all the
>>>> bother?".
>>>>
>>>> There is nothing secret or proprietary about the time of day.
>>>
>>> Security is so that you know you are not being spoofed. Or if you are
>>> providing the time so that you can prove to your users that you are
>>> who you claim to be and are not spoofing them.
>>
>> The question was about clients authenticating to the server.
> 
> NTP Authentication authenticates the server to the clients. It is not a
> client access control mechanism.

Yeah, I know, I should not have put "to" between the words "authenticating"
and "server".

It would be impossible to spoof a proper NTP setup where time is critical.

If time is critical, a proper setup would have multiple servers as well as
multiple independent, local sources like GPS and CDMA.
 

-- 
Jim Pennino

Remove .spam.sux to reply.




More information about the questions mailing list