Harry,
As I said, NTP Autokey is designed to operate outside the NAT perimeter.
In principle, although I don't recommend it, it is possible to use
symmetric key cryptography transparently with a NAT box. The policies on
assignment and distribution of keys depend on the agency. NIST has an
experimental MD5 server with the expectation that you pay a service fee
for the key. I am told NRC (Canada) either plans or has in operation a
similar service.
Dave
Harry wrote:
Hello,
I'm quite new to the NTP world. I haven't had a chance to study and
understand the NTP trust model fully.
But what I /have/ understood so far is...
1. that MD5 symmetric keys can be used to authenticate a public/remote NTP Server
2. that this public/remote, MD5 talking NTP server can reach out to NTP clients behind a NAT/Firewall (which Autokey protocol cannot)
3. that the MD5 symmetric keys must be distributed securely somehow to the NTP client.
What I haven't been able to figure out is...
1. How/Where to locate a public/remote NTP server that supports MD5 authentication?
2. How would the administrator of this NTP server (a human) distribute the keys to me: Via email? Via Phone/Fax?
3. Having received the keys even by secure means such as email/phone/fax, what is stopping me from going rogue later... say, by using the key values of the authentic server and distributing wrong time? (I won't of course actually go rogue, just trying to understand.)
Can somebody please explain this in plain English?
Regards,
/HS
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
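
The NAT behaviour discussed in this thread, as an added example that is not part of the original messages: the symmetric-key MAC covers only the NTP header, while the Autokey session key hashes the IP addresses that a NAT box rewrites. The formulas follow RFC 5905 and RFC 5906 as summarized in the comments; the key, key ID, cookie and addresses are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

def symmetric_mac(key: bytes, key_id: int, header: bytes) -> bytes:
    """NTP symmetric-key trailer: 4-byte key ID + MD5(key || 48-byte header)."""
    if len(header) != 48:
        raise ValueError("NTP header must be 48 bytes")
    return struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def verify_symmetric(keys: dict, header: bytes, trailer: bytes) -> bool:
    """Receiver side: look up the key ID, recompute, compare in constant time."""
    if len(trailer) != 20 or len(header) != 48:
        return False
    key_id = struct.unpack("!I", trailer[:4])[0]
    key = keys.get(key_id)
    if key is None:
        return False
    return hmac.compare_digest(symmetric_mac(key, key_id, header), trailer)

def autokey(src: str, dst: str, key_id: int, cookie: int) -> bytes:
    """Autokey session key: MD5(src IP || dst IP || key ID || cookie)."""
    return hashlib.md5(
        ipaddress.ip_address(src).packed
        + ipaddress.ip_address(dst).packed
        + struct.pack("!II", key_id, cookie)
    ).digest()

# Constructed sample values (documentation address ranges, made-up secret).
KEYS = {7: b"constructed-shared-secret"}
HEADER = bytes([0x24, 2, 6, 0xEC]) + bytes(44)  # LI=0, VN=4, mode=4 (server)
SERVER, CLIENT_PRIVATE, NAT_PUBLIC = "192.0.2.10", "10.0.0.5", "198.51.100.20"

def nat_demo():
    # Symmetric key: no address is hashed, so the trailer verifies on the
    # far side of the NAT box unchanged. The MAC identifies the key, not the
    # sender: every holder of key 7 produces the same valid trailer.
    trailer = symmetric_mac(KEYS[7], 7, HEADER)
    symmetric_ok = verify_symmetric(KEYS, HEADER, trailer)
    # Autokey: the server sees the NAT's public address, the client uses its
    # private one, so the two ends derive different session keys.
    server_view = autokey(SERVER, NAT_PUBLIC, 1, 0xC0FFEE)
    client_view = autokey(SERVER, CLIENT_PRIVATE, 1, 0xC0FFEE)
    return symmetric_ok, server_view == client_view

if __name__ == "__main__":
    print(nat_demo())
```
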