[109052] in North American Network Operators' Group


Re: NTP Md5 or AutoKey?

daemon@ATHENA.MIT.EDU (Glen Kent)
Tue Nov 4 03:40:13 2008

Date: Tue, 4 Nov 2008 14:09:20 +0530
From: "Glen Kent" <glen.kent@gmail.com>
To: "Kevin Oberman" <oberman@es.net>
In-Reply-To: <20081104062942.B54E145010@ptavv.es.net>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org

So, can I safely assume that nobody deploys Autokey security for NTP
and the best that one does right now is by using the cryptographic
authentication provided in the base spec of NTPv4?

Cheers,
Glen

On Tue, Nov 4, 2008 at 11:59 AM, Kevin Oberman <oberman@es.net> wrote:
>> Date: Mon, 3 Nov 2008 22:23:07 -0800
>> From: "Paul Ferguson" <fergdawgster@gmail.com>
>>
>> On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <glen.kent@gmail.com> wrote:
>>
>> > Hi,
>> >
>> > I was wondering what most folks use for NTP security?
>> >
>> > Do they use the low cost, light weight symmetric key cryptographic
>> > protection method using MD5 or do folks go in for full digital
>> > signatures and X.509 certificates (AutoKey Security)?
>> >
>>
>> I'm just wondering -- in the global scheme of security issues, is NTP
>> security a major issue?
>>
>> Just curious.
>
> It's probably not a "major issue", but forged NTP data can, in theory,
> be used to allow the implementation of replay attacks. I'll admit I have
> never heard of a real-world case.
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman@es.net                  Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
>

