[ntp:questions] Re: Can you test my server please.

Danny Mayer mayer at gis.net
Tue Nov 30 22:49:57 UTC 2004


Brad Knowles <brad at stop.mail-abuse.org> wrote in message news:<mailman.37.1101808483.54146.questions at lists.ntp.isc.org>...
> At 9:41 AM -0800 2004-11-29, Danny Mayer wrote:
> 
> >  Why do people want to reinvent something that's already in NTP 4?
> >  Just use the authentication scheme to authenticate the clients to
> >  the server just like servers are authenticated to the clients today.
> 
> 	I'm not aware of any client authentication code anywhere in NTP. 
> Moreover, how do you propose to authenticate millions of clients 
> around the world to a small set of pool.ntp.org servers, many of 
> which are behind personal DSL lines?
> 

I'm not saying that. I'm saying the the protocol already supports
the transfer of authentication packets so it's just a matter of
extending things on both ends to get the server to authenticate
the client.

This has nothing to do with pool. The server shouldn't be in the
pool if it requires client authentication. In any case the NTP
authentication is NOT a function of the IP addresses. The MAC
section of the NTP packet is what is used to transfer authentication
information.

Danny



More information about the questions mailing list