[109057] in North American Network Operators' Group
Re: NTP Md5 or AutoKey?
daemon@ATHENA.MIT.EDU (Glen Kent)
Tue Nov 4 06:11:22 2008
Date: Tue, 4 Nov 2008 16:41:00 +0530
From: "Glen Kent" <glen.kent@gmail.com>
To: bmanning@vacation.karoshi.com
In-Reply-To: <20081104103009.GA13379@vacation.karoshi.com.>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
My original question got drowned amidst all this vibrant discussions!
Do folks already use or plan to use Autokey for NTP?
Glen
On Tue, Nov 4, 2008 at 4:00 PM, <bmanning@vacation.karoshi.com> wrote:
> On Mon, Nov 03, 2008 at 10:23:07PM -0800, Paul Ferguson wrote:
>> On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <glen.kent@gmail.com> wrote:
>>
>> > Hi,
>> >
>> > I was wondering what most folks use for NTP security?
>> >
>> > Do they use the low cost, light weight symmetric key cryptographic
>> > protection method using MD5 or do folks go in for full digital
>> > signatures and X.509 certificates (AutoKey Security)?
>> >
>>
>> I'm just wondering -- in globak scheme of security issue, is NTP
>> security a major issue?
>>
>> Just curious.
>>
>> - ferg
>
> depends on your POV... in a dns context, TSIG and DNSSEC validation
> depend on accurate time - failure to resolve data because of a time slip
> might be considered a significantissue.
>
> --bill
>
