On Tue, 2008-06-10 at 10:28 -0700, Richard Guthrie wrote:
> Andrew,
>
> I wanted to see if you have had a chance to review the article below to see
> if it addresses your issue. Let me know if it did/did not help your team.

Certainly I know that I should talk to the www.ntp.org community and the NTP working group before blindly deploying the Microsoft protocol, but what I was looking for was a better statement than the opening paragraph:

  [RFC1305] Appendix C describes a mechanism similar to the authentication extensions documented here. The extensions documented here provide for better security by using a stronger checksum algorithm, and by using keying material that is more convenient for Windows systems joined to a Windows domain.

Instead, perhaps it should be rewritten as a warning, describing the protocol as a deviation, rather than an improvement (it may not have been that way when the hacks were first added, but it is now):

  [RFC1305] Appendix C describes a mechanism similar to the authentication extensions documented here. The extensions documented here provide for better security by using a stronger checksum algorithm, and by using keying material that is more convenient for Windows systems joined to a Windows domain, but should not be used outside this context. Internet standard authentication extensions such as proposed and documented in http://www.ietf.org/internet-drafts/draft-ietf-ntp-autokey-03.txt provide stronger security and serve as a better basis for interoperable implementations.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
