d_anderson writes:
> Hi all
>
> I was wondering if it makes sense to set up Autokey authentication on
> a client for when it wants to sync time from *.pool.npt.org. My goal
> is to encrypt communication between client and server and to make sure
> the server is really the one it claims to be. Can this be even done
> with pools?

Not with the current technology.

First, autokey is about to become deprecated in favor of NTS - Network Time Security:

https://tools.ietf.org/html/draft-ietf-ntp-network-time-security-05

If that wasn't the case, autokey (which was designed a long time ago) needs the server to have a unique key. For pool servers, every pool server would have to share the same private key. That would make the security provided almost nonexistent.

If we changed the protocol to use some other mechanism to get the server's key (probably based on the IP) we'd need to change the autokey protocol. That would not appear to be a worthwhile exercise given that we intend to deprecate autokey in favor of NTS "soon".

H