[ntp:questions] Authenticated time

Juhasz Gabor Gabor.Juhasz at KONE.com
Mon Feb 29 08:20:32 UTC 2016


Hi All,

I am newbie in NTP world so it is possible that my question
has been already answered. Sorry for it.

The latest openNTP (openntpd-5.7p4) contains a very
useful feature: CONSTRAINTS

openntpd.conf.5:

"openntpd(8) can be configured to query the ‘Date’ from trusted
HTTPS servers via TLS. This time information is not used
for precision but acts as an authenticated constraint, thereby
reducing the impact of unauthenticated NTP man-in-the-middle
attacks. Received NTP packets with time information falling
outside of a range near the constraint will be discarded and
such NTP servers will be marked as invalid."

More details are here :
http://www.undeadly.org/cgi?action=article&sid=20150210103656
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/ntpd.conf.5?query=ntpd&apropos=1

Is there any plan that NTP will contain this or similar feature?

Kind regards,
Gabor Juhasz


More information about the questions mailing list