On Nov 12, 11:17 pm, Chuck Swiger <[email protected]> wrote: > Hi, Harry-- > > On Nov 12, 2010, at 8:18 AM, Harry wrote: > > > What I haven't been able to figure out is... > > 1. How/Where to locate a public/remote NTP server that supports MD5 > > authentication? > > http://support.ntp.org/bin/view/Servers/WebSearch?search=MD5&scope=al... > > ...suggests: > > http://support.ntp.org/bin/view/Servers/TimexCsColumbiaEdu > http://support.ntp.org/bin/view/Servers/SeskuPlaneacionNet > > You could also ask your ISP. > > > 2. How would the administrator of this NTP server (a human) > > distribute the keys to me: Via email? Via Phone/Fax? > > You'd probably have to contact the NTP admin and coordinate a method. > > > 3. Having received the keys even by secure means such as email/phone/ > > fax, what is stopping me from going rogue later... say, by using the > > key values of the authentic server and distributing wrong time? (I > > won't of course actually go rogue, just trying to understand.) > > The effect would be similar to any falseticker, whether deliberately serving > rogue time or by accident. By configuring 4 (or more) NTP > servers,http://en.wikipedia.org/wiki/Marzullo%27s_algorithmallows you to > reliably discard 1 (or more) falsetickers. In point of fact, the NTP pool > project uses a scoring mechanism to track the time offsets of servers in the > NTP pool, and will drop servers if their clocks drift out of sync with real > time. > > > Can somebody please explain this in plain English? > > Sure. Almost nobody bothers implementing autokey or MD5 security for NTP > because (a) ntpd is quite good at discarding bad timeservers, (b) people > running NTP timeservers tend to implement monitoring to alert them if a > server is messing up-- perhaps by participating in the NTP pool, or using > Nagios or some similar monitoring, and finally (c) people who really care > about NTP setup a stratum-0 timesource like a GPS receiver, WWV/WWVB radio > clock receiver, or even rubidium/cesium atomic clocks. > > Regards, > -- > -Chuck
Chuck, I found your information as well as insights useful. Thanks! _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
