On Thu, Jul 10, 2014 at 10:17 AM, Brian Utterback <brian.utterb...@oracle.com> wrote: > > Well, at least it supports the one key and it is apparently changeable. But > NTP authentication is not mutual authentication, nor does it have anything > to do with entitlement of the client.
I spoke overly broadly or I misunderstood "The MV scheme is intended for the most challenging scenarios where it is neccesary to protect against both server and client masquerade.". Or both. > It is about the client trusting the > server, and your firewall doesn't help much with that. Well it sorta does since it blocks a class of IP spoofing. By the way, I don't advocate using a network attached refclock unless the local network is appropriately configured, you have sufficient redundancy and a robust time transfer hierarchy. You don't just drop one in a comm closet with wire access to the roof, make some dhcp entries and call it a day. _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions