[109048] in North American Network Operators' Group
Re: NTP Md5 or AutoKey?
daemon@ATHENA.MIT.EDU (Kevin Oberman)
Tue Nov 4 01:29:55 2008
To: "Paul Ferguson" <fergdawgster@gmail.com>
In-Reply-To: Your message of "Mon, 03 Nov 2008 22:23:07 PST."
<6cd462c00811032223m701e736i89684f8aceeba62@mail.gmail.com>
Date: Mon, 03 Nov 2008 22:29:42 -0800
From: "Kevin Oberman" <oberman@es.net>
X-To: "Paul Ferguson" <fergdawgster@gmail.com>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
> Date: Mon, 3 Nov 2008 22:23:07 -0800
> From: "Paul Ferguson" <fergdawgster@gmail.com>
>
> On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <glen.kent@gmail.com> wrote:
>
> > Hi,
> >
> > I was wondering what most folks use for NTP security?
> >
> > Do they use the low-cost, lightweight symmetric key cryptographic
> > protection method using MD5 or do folks go in for full digital
> > signatures and X.509 certificates (AutoKey Security)?
> >
>
> I'm just wondering -- in the global scheme of security issues, is NTP
> security a major issue?
>
> Just curious.
It's probably not a "major issue", but forged NTP data can, in theory,
be used to allow the implementation of replay attacks. I'll admit I have
never heard of a real-world case.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751