[109056] in North American Network Operators' Group
Re: NTP Md5 or AutoKey?
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Tue Nov 4 05:30:17 2008
Date: Tue, 4 Nov 2008 10:30:09 +0000
From: bmanning@vacation.karoshi.com
To: Paul Ferguson <fergdawgster@gmail.com>
In-Reply-To: <6cd462c00811032223m701e736i89684f8aceeba62@mail.gmail.com>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
On Mon, Nov 03, 2008 at 10:23:07PM -0800, Paul Ferguson wrote:
> On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <glen.kent@gmail.com> wrote:
>
> > Hi,
> >
> > I was wondering what most folks use for NTP security?
> >
> > Do they use the low cost, light weight symmetric key cryptographic
> > protection method using MD5 or do folks go in for full digital
> > signatures and X.509 certificates (AutoKey Security)?
> >
>
> I'm just wondering -- in globak scheme of security issue, is NTP
> security a major issue?
>
> Just curious.
>
> - ferg
depends on your POV... in a dns context, TSIG and DNSSEC validation
depend on accurate time - failure to resolve data because of a time slip
might be considered a significantissue.
--bill
