nanog mailing list archives
Re: NTP Md5 or AutoKey?
From: "Kevin Oberman" <oberman () es net>
Date: Mon, 03 Nov 2008 22:29:42 -0800
Date: Mon, 3 Nov 2008 22:23:07 -0800 From: "Paul Ferguson" <fergdawgster () gmail com> On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent <glen.kent () gmail com> wrote:Hi, I was wondering what most folks use for NTP security? Do they use the low cost, light weight symmetric key cryptographic protection method using MD5 or do folks go in for full digital signatures and X.509 certificates (AutoKey Security)?I'm just wondering -- in globak scheme of security issue, is NTP security a major issue? Just curious.
It's probably not a "major issue", but forged NTP data can, in theory, be used to allow the implementation of replay attacks. I'll admit I have never heard of a real-world case. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman () es net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Attachment:
_bin
Description:
Current thread:
- NTP Md5 or AutoKey? Glen Kent (Nov 03)
- Re: NTP Md5 or AutoKey? Paul Ferguson (Nov 03)
- Re: NTP Md5 or AutoKey? Kevin Oberman (Nov 03)
- Re: NTP Md5 or AutoKey? Glen Kent (Nov 04)
- Re: NTP Md5 or AutoKey? Nathan Ward (Nov 03)
- Re: NTP Md5 or AutoKey? Roland Dobbins (Nov 03)
- RE: NTP Md5 or AutoKey? Deepak Jain (Nov 05)
- Re: NTP Md5 or AutoKey? Valdis . Kletnieks (Nov 03)
- Re: NTP Md5 or AutoKey? Glen Kent (Nov 04)
- RE: NTP Md5 or AutoKey? Lincoln Dale (Nov 04)
- RE: NTP Md5 or AutoKey? Tony Finch (Nov 04)
- Re: NTP Md5 or AutoKey? Kurt Erik Lindqvist (Nov 06)
- Re: NTP Md5 or AutoKey? Kevin Oberman (Nov 03)
- Re: NTP Md5 or AutoKey? Steven M. Bellovin (Nov 04)
- Re: NTP Md5 or AutoKey? Paul Ferguson (Nov 03)