North American Network Operators Group

RE: NTP Md5 or AutoKey?

  • From: Deepak Jain
  • Date: Wed Nov 05 16:20:57 2008

Of course, this only really works if your network has 3
reliable+secure time sources + 1 for redundancy. I'm not sure that
.*pool\.ntp\.org would class as reliable+secure if you're concerned
about NTP security.

It's important to recognize that "secure" NTP has nothing to do with real
world time, and everything to do with all your secure systems being on
*the same* time, whatever that is. It really doesn't matter (much) if your
secure NTP cluster gets its time from an inconsistent source [provided it
won't allow changes of too great a magnitude at a time] but as long as they
are all on the *same* time, you can maintain your security.

From an SP's point-of-view, security is very odd. It doesn't matter how well your
"internal" systems are if you are sending mail with the wrong time (say some
future date) and MTAs at your customers are rejecting them.

Deepak