[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: time resolution (was Re: six-page binary format draft)

	 As I recall the NTP specified security feature depends on shared
	 secret keys with no specified key distribution mechanism.

Yes, but that isn't the point -- NTP's authentication is hop-by-hop,
not end-to-end.  See 

        author = {Bishop, Matt},
        title = "A Security Analysis of the {NTP} Protocol",
        booktitle = {Sixth  Annual Computer Security Conference Proceedings},
        address = {Tucson, AZ},
        pages = {20--29},
        year = 1990,
        month = {December},
        url = {ftp://louie.udel.edu/pub/ntp/doc/security.ps.Z}

for a more complete analysis.  (As an aside, there's a new draft RFC
on NTP authentication.  I haven't read it yet, and I don't know if it
addresses Bishop's concerns.)