[ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Options for DHCPv6
Ralph Droms
rdroms at cisco.com
Fri Nov 16 04:32:05 GMT 2007
DHCPv6 does not use IPSEC between the client and the server. Rather,
it uses a shared key for authentication and message verification.
It is possible to use IPSEC between a relay agent and a server.
- Ralph
On Nov 15, 2007, at Nov 15, 2007,11:26 PM, Danny Mayer wrote:
> Brian Utterback wrote:
>> Interesting. I agree that a key needs to be specified somehow, but it
>> is not clear to me how to do it. We have to assume that the client
>> does not have the same NTP keys. However, we would like a way to
>> specify a server and keys securely, so that the security of the
>> network depends only on the security of DHCP. Again I am not up to
>> date, *is* there a secure DHCP? If so, then how to get keys to the
>> clients becomes an issue.
>
> DHCPv6 uses IPSEC for security. However, as I pointed out in my own
> response, if you are provisioning an NTP server then it means that NTP
> is not running at the time and any security that requires reasonably
> close timestamps at both ends is likely to fail.
>
> Danny
>
> _______________________________________________
> dhcwg mailing list
> dhcwg at ietf.org
> https://www1.ietf.org/mailman/listinfo/dhcwg
More information about the ntpwg
mailing list