NTP Md5 or AutoKey?

Kevin Oberman oberman at es.net
Tue Nov 4 00:29:42 CST 2008


> Date: Mon, 3 Nov 2008 22:23:07 -0800
> From: "Paul Ferguson" <fergdawgster at gmail.com>
> 
> On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <glen.kent at gmail.com> wrote:
> 
> > Hi,
> >
> > I was wondering what most folks use for NTP security?
> >
> > Do they use the low cost, light weight symmetric key cryptographic
> > protection method using MD5 or do folks go in for full digital
> > signatures and X.509 certificates (AutoKey Security)?
> >
> 
> I'm just wondering -- in globak scheme of security issue, is NTP
> security a major issue?
> 
> Just curious.

It's probably not a "major issue", but forged NTP data can, in theory,
be used to allow the implementation of replay attacks. I'll admit I have
never heard of a real-world case.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 224 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20081103/7098c0c8/attachment.bin>


More information about the NANOG mailing list