[ntp:questions] Embedded solutions

Paul tik-tok at bodosom.net
Thu Jul 10 15:02:01 UTC 2014


On Thu, Jul 10, 2014 at 10:17 AM, Brian Utterback
<brian.utterback at oracle.com> wrote:
>
> Well, at least it supports the one key and it is apparently changeable. But
> NTP authentication is not mutual authentication, nor does it have anything
> to do with entitlement of the client.

I spoke overly broadly or I misunderstood "The MV scheme is intended
for the most challenging scenarios where it is necessary to protect
against both server and client masquerade."
Or both.

> It is about the client trusting the
> server, and your firewall doesn't help much with that.

Well it sorta does since it blocks a class of IP spoofing.

By the way, I don't advocate using a network attached refclock unless
the local network is appropriately configured, you have sufficient
redundancy and a robust time transfer hierarchy.  You don't just drop
one in a comm closet with wire access to the roof, make some DHCP
entries and call it a day.

