[ntp:questions] Better explanation of NTP public-key authentication?

Danny Mayer mayer at gis.net
Fri Jul 15 22:04:52 UTC 2005


Garrett Wollman wrote:
> I just spent the last half hour or so looking at the description of
> the public-key authentication scheme (or is it schemes?) used by
> version 4 of the Reference Implementation of NTP, on ntp.org.
> Unfortunately, this documentation seems to range in quality from
> "bizarre" to "unintelligible", and the behavior of the "ntp-keygen"
> program does not make it clearer.
> 
> The question is: is there any better documentation, from which I would
> be able to discern whether NTP public-key authentication truly is that
> bizarre (and, if I have vaguely understood what I read, entirely
> broken with respect to PKI) or simply poorly-documented.
> 
> (I'm not a complete idiot where PKI stuff is concerned, having written
> two CA implementations, but I'm barely able to make head or tail of
> the "official" documentation.  The FAQ seems to just regurgitate the
> command lines from the official documents without any sort of
> explanation at all.)
> 
> -GAWollman
> 

Garrett, was this: http://www.eecis.udel.edu/~mills/ntp/html/authopt.html
the documentation you looked at?

There are also 3 documents listed on Dave's ntp pages at:
http://www.eecis.udel.edu/~mills/ntp.html

which discuss NTP Security Model, NTP Security Algorithms and NTP 
Security Protocol. These may prove more useful to you if you haven't 
seen them. Great, I just checked and they're not there now. I do have at 
least one of these documents that I can send you separately. I can also 
send you a paper by Matt Bishop that I found.

Danny






More information about the questions mailing list