[ntp:questions] Embedded solutions
Brian Utterback
brian.utterback at oracle.com
Thu Jul 10 14:17:33 UTC 2014
On 7/10/2014 9:26 AM, Paul wrote:
> On Thu, Jul 10, 2014 at 9:07 AM, Brian Utterback
> <brian.utterback at oracle.com> wrote:
>> You still have the keys problem. Keys authenticate the NTP server to the
>> client. How would you manage keys?
>
> Are you asking if it supports autokey? It currently doesn't,
> according to the doc there's one symmetric key slot.
>
> I don't manage keys. In my case anyone that can get past the
> firewalls is entitled to talk to the servers and I'm not invested in
> mutual authentication as a solution to poor system management.
Well, at least it supports the one key and it is apparently changeable.
But NTP authentication is not mutual authentication, nor does it have
anything to do with entitlement of the client. It is about the client
trusting the server, and your firewall doesn't help much with that. That
having been said, there are an awful lot of people in the world that
simply go on blind trust without any authentication at all. But they are
simply relying on the lack of people that would wish to subvert the time
in their environment. That works well until it doesn't.
Brian Utterback
Brian Utterback
More information about the questions
mailing list