[ntp:security] NTP FIPS compliant
Brad Knowles
knowles at ntp.org
Mon Dec 1 03:35:37 UTC 2008
on 11/30/08 9:26 PM, Danny Mayer said:
> This is not an appropriate question for the security list which is
> dedicated to possible security bugs. You need to repost this to
> hackers at lists.ntp.org or the questions at lists.ntp.org mailing lists.
Sorry, I thought it was appropriate, so I allowed that through the
moderation queue. I also thought it was appropriate for the ntp-legal
list, so I allowed it through over there as well.
> Please note that you should be contacting NIST if you need to determine
> their requirements. NTP is not responsible for their requirements. I
> will tell you that Kerberos is not involved with NTP authentication nor
> can it since it is sensitive to accurate time in the first place.
> Autokey has been carefully designed not to depend on Kerberos or any
> other protocol that expects valid time.
The OP is apparently from DHS, so I don't understand why they'd be
contacting us about any of these issues. But there you go.
--
Brad Knowles <knowles at ntp.org>
Postmaster, Listmaster, & PGP Keymaster for the NTP Public Services Project
More information about the security
mailing list