Path: utzoo!utgpu!watserv1!watmath!att!linac!unixhub!shelby!ulysses.att.com!smb
From: smb@ulysses.att.com
Newsgroups: comp.protocols.kerberos
Subject: Re: timestamp in authentication process
Message-ID: <9103010050.AA19844@shelby.Stanford.EDU>
Date: 1 Mar 91 00:43:42 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 26


	 Actually, not so difficult.  NTP accuracies of milliseconds
	 are common, and NTP version 2 has a full encyption system for
	 security (although some of the implementations are weak,
	 leaving the DES keys out in the open) ("Nothing is so common
	 as the incomplete execution of a Good Idea".).

In fact, NTP's authentication code is not suitable for time distribution
in a Kerberos-like environment.  There are several reasons for this.
First, from where would the workstation get the key to authenticate
the time chime?  You can't store it on the workstation itself.
Rather, you can't store it securely, or J. Random Badguy can find it
and use it to generate false ticks.  Second, and almost a corollary,
every pair of NTP hosts needs its own separate key.  That doesn't
scale well to thousands of workstations.  (More precisely, every
authentication domain, wherein every host trusts every other for
that function, must have a separate key.  But the real problem is
the workstation arena, precisely where you need many keys, and
where keys can't be shared.)

NTP's authentication code does work well for controlling implementations,
and for authentication among comparatively few low-stratum hosts.  It
doesn't help Kerberos, at least for workstations.


		--Steve Bellovin