[ntp:questions] NTP Autokey - who is actively using it?

Harlan Stenn stenn at ntp.org
Fri Jan 16 22:23:29 UTC 2015


"Antonio M. Moreiras" writes:
> We were using autokey at our public ntp servers(1) since 2011. We are
> now in the middle of a process to deactivate it, since 4.2.8 is broken
> (we could not make autokey work with 4.2.8 on Linux, it seems to be some
> issue related to the version 1.0.x of openssl).
> Probably we will let it deactivated. Maybe we are going back to
> symmetric keys (at least between the servers), even if the issue is
> fixed. We fostered our users to try and adopt autokey, but it seems
> there was no interest in the feature.
> []s
> Moreiras.
> [1] {a,b,c,a.st1,b.st1,c.st1,d.st1,gps}.ntp.br

Thanks for the info.  I wasn't aware of any new problems with autokey in
4.2.8 and Martin Burnicki tested a number of cases - all worked for him.

Unless we find real interest in fixing some known issues with autokey, I
think the best thing to do is what you describe - stop using it.  We
expect to have Network Time Security (the IETF specification) up and
running in the next 6 months' time (more or less), and that should be a
much better solution.

> On 15/01/15 00h06m, Harlan Stenn wrote:
> > I'm trying to figure out if anybody is actively using autokey, in a
> > production deployment.
> > 
> > If you are, please let me know - I have some questions for you.
> > 
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> http://lists.ntp.org/listinfo/questions

More information about the questions mailing list