[ntp:questions] Re: Can NTPv4 be fully fuctional without the Public Key Cryptography

Richard B. Gilbert rgilbert88 at comcast.net
Wed Dec 21 23:01:08 UTC 2005


Arul Kumar C wrote:

>Hi All,
>
>Can NTPv4 code, be run without Public Key Cryptography.  I am trying to
>understand the NTPv4 implementation.  I went through the Draft and the
>presentations listed in the site.  I could get that both Symmetric key
>and Public key are supported.  And also from the code (ntp-4.2.0), all
>the public key crypto is placed within OPENSSL pre-processor macro.
>
>Inspite of all these, I could not strongly conclude that they are
>optional.  Just willing to make sure from you experts, whether NTPv4
>can fully functional without  Public Key Cryptography.
>
>Please enlighten me.  Please let me know if I am missing any info.
>
>Regards,
>Arul Kumar C
>
>  
>
You can synchronize your clock without cryptography.  Many people do.  
You can serve time to others without cryptographic authentication.

If you have a requirement to be absolutely certain that you are dealing 
only with the servers you intended to use, you need cryptographic 
authentication.  You might have this requirement if you are subject to 
legal requirements to have your time stamps traceable to NIST or other 
national standards laboratories.  Cryptographic authentication is the 
default for both broadcast and multicast unless you explicitly disable it.




More information about the questions mailing list