On 10/15/2011 9:29 PM, Nico Williams wrote:
> On Fri, Oct 14, 2011 at 7:19 PM, David L. Mills <email@example.com> wrote:
>> Nico and Danny,
>> It might help to explain the issues in the NTP white papers at the NTP
>> project page www.eecis.udel.edu./ntp.html. Chapter 16 in the book shows the
>> results of experiments using interleaved mode, which might be of interest in
>> PTP broadcast issues. The paper on Simulation and Analysis of the NTP
>> On-Wire protocol uses a two-step process similar to PTP. The paper on NTP
>> Security Analysis may have lessons for PTP authentication. The NTP Autokey
>> model needs help, as suggested in that paper.
> Also helpful was to note the cc list and then look at the TICTOC WG charter.
> If I understand the I-D we're talking about an extension to IPsec to
> minimize overhead in handling of packets carrying time data,
> particularly in an SG environment. This would allow NTP to be run
> with no crypto inside the security boundary, with IPsec providing
> security outside. Is this correct? And this performs better than the
> interleaved NTP scheme with asymmetric key signatures?
I cannot answer for the performance but if I was worried about making
sure I got the correct time I'd be more likely to be concerned about
authenticating the server than encrypting the contents. Encryption
doesn't do a thing for ensuring you got a valid packet.
IPsec mailing list