[ntp:questions] Embedded solutions

Brian Utterback brian.utterback at oracle.com
Thu Jul 10 14:17:33 UTC 2014


On 7/10/2014 9:26 AM, Paul wrote:
> On Thu, Jul 10, 2014 at 9:07 AM, Brian Utterback
> <brian.utterback at oracle.com> wrote:
>> You still have the keys problem. Keys authenticate the NTP server to the
>> client. How would you manage keys?
>
> Are you asking if it supports autokey?  It currently doesn't,
> according to the doc there's one symmetric key slot.
>
> I don't manage keys.  In my case anyone that can get past the
> firewalls is entitled to talk to the servers and I'm not invested in
> mutual authentication as a solution to poor system management.

Well, at least it supports the one key and it is apparently changeable. 
But NTP authentication is not mutual authentication, nor does it have 
anything to do with entitlement of the client. It is about the client 
trusting the server, and your firewall doesn't help much with that. That 
having been said, there are an awful lot of people in the world that 
simply go on blind trust without any authentication at all. But they are 
simply relying on the lack of people that would wish to subvert the time 
in their environment. That works well until it doesn't.

Brian Utterback

Brian Utterback


More information about the questions mailing list