[ntp:questions] IFF autokey issue

Garrett Wollman wollman at bimajority.org
Tue May 8 03:03:40 UTC 2007


In article <slrnf3v85q.2gr.kostecke at stasis.kostecke.net>,
Steve Kostecke  <kostecke at ntp.isc.org> wrote:

>What has happened is that Vladimir has discovered the fact the Autokey
>will "degrade" to TC in the event that parameters for no other Identity
>Scheme are present. So he is asking "what's the point" of IFF (and, by
>extension, GQ and MV) if the Authentication will succeed just on the
>strength of the host parameters.

Say what?

So lemme get this straight... I can configure my NTP servers so that
any autokey-using client will believe they are authentic, based solely
on a bit that was set in an unauthentic certificate?

That's even more broken than I thought.

-GAWollman

-- 
Garrett A. Wollman   | The real tragedy of human existence is not that we are
wollman at csail.mit.edu| nasty by nature, but that a cruel structural asymmetry
Opinions not those   | grants to rare events of meanness such power to shape
of MIT or CSAIL.     | our history. - S.J. Gould, Ten Thousand Acts of Kindness




More information about the questions mailing list