[ntpwg] Network Time Protocol (NTP) Options for DHCPv6
Danny Mayer
mayer at ntp.org
Fri Nov 16 04:26:19 GMT 2007
Brian Utterback wrote:
> Interesting. I agree that a key needs to be specified somehow, but it
> is not clear to me how to do it. We have to assume that the client
> does not have the same NTP keys. However, we would like a way to
> specify a server and keys securely, so that the security of the
> network depends only on the security of DHCP. Again I am not up to
> date, *is* there a secure DHCP? If so, then how to get keys to the
> clients becomes an issue.
DHCPv6 uses IPSEC for security. However, as I pointed out in my own
response, if you are provisioning an NTP server then it means that NTP
is not running at the time and any security that requires reasonably
close timestamps at both ends is likely to fail.
Danny
More information about the ntpwg
mailing list