In article <[EMAIL PROTECTED]>, Patrice Renard <[EMAIL PROTECTED]> wrote:
> What do you mean with "If you wish to use NTP Authentication you must obtain > the Identity The impression I get is that you understand security issues sufficiently poorly that you will not be able to make a system secure without employing (paid) outside consultants. Security is not something that can be done without understanding - a lot of users of e-commerce systems could actually be sending their account details to almost anyone because they don't understand how SSL works and nor does the e-commerce site operator. One key point to remember is that you need to understand what sorts of attacks you are protecting against. > Scheme Paramters (e.g. the IFF Public Key) from each time server with which > you wish to have an authenticated association."? > How can I receive the IFF Public Key from a public time server? Firstly you need to find public servers that are prepared to give you public keys - I doubt that there are many. Then you have to treat them like any other public key material, i.e. transfer them over a trusted, but not necessarily secure, channel. If the server has an associated https web site and you obtained your browser via a trusted channel and trust the organisation that countersigned thier SSL certificate, you might just be able to get it over the web, but typical transport mechanisms for key material include the use of courier services. I'm not sure if NTP transmits the public key itself, but if it does, you might be able to compromise and take it on trust that you are initially talking to the right server then use the key to confirm that the situation hasn't changed, but that is always a risky procedure when security really matters. _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
