[ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Options for DHCPv6

TS Glassey tglassey at earthlink.net
Wed Nov 21 15:18:58 GMT 2007


----- Original Message ----- 
From: "Danny Mayer" <mayer at ntp.org>
To: "Ralph Droms" <rdroms at cisco.com>
Cc: <ntpwg at lists.ntp.org>; <dhcwg at ietf.org>; "Brian Utterback" 
<Brian.Utterback at Sun.COM>; "Richard Gayraud ((rgayraud))" 
<rgayraud at cisco.com>
Sent: Friday, November 16, 2007 7:33 AM
Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Options 
for DHCPv6


> Ralph Droms wrote:
>> DHCPv6 does not use IPSEC between the client and the server.  Rather,
>> it uses a shared key for authentication and message verification.
>>
>> It is possible to use IPSEC between a relay agent and a server.
>>
>
> Thanks for the correction. As long as the shared key authentication does
> not depend on a valid time in any way then this is fine.

That potentially eliminates the use of KRB5 Tokens.

>
> Danny
>> - Ralph
>>
>> On Nov 15, 2007, at 11:26 PM, Danny Mayer wrote:
>>
>>> Brian Utterback wrote:
>>>> Interesting. I agree that a key needs to be specified somehow, but it
>>>> is not clear to me how to do it. We have to assume that the client
>>>> does not have the same NTP keys. However, we would like a way to
>>>> specify a server and keys securely, so that the security of the
>>>> network depends only on the security of DHCP. Again I am not up to
>>>> date, *is* there a secure DHCP? If so, then how to get keys to the
>>>> clients becomes an issue.
>>>
>>> DHCPv6 uses IPSEC for security. However, as I pointed out in my own
>>> response, if you are provisioning an NTP server then it means that NTP
>>> is not running at the time and any security that requires reasonably
>>> close timestamps at both ends is likely to fail.
>>>
>>> Danny
>>>
>>
>