On 10/15/2011 9:29 PM, Nico Williams wrote:
> On Fri, Oct 14, 2011 at 7:19 PM, David L. Mills <mi...@udel.edu> wrote:
>> Nico and Danny,
>>
>> It might help to explain the issues in the NTP white papers at the NTP
>> project page www.eecis.udel.edu./ntp.html. Chapter 16 in the book shows the
>> results of experiments using interleaved mode, which might be of interest in
>> PTP broadcast issues. The paper on Simulation and Analysis of the NTP
>> On-Wire protocol uses a two-step process similar to PTP. The paper on NTP
>> Security Analysis may have lessons for PTP authentication. The NTP Autokey
>> model needs help, as suggested in that paper.
>
> Also helpful was to note the cc list and then look at the TICTOC WG charter.
>
> If I understand the I-D we're talking about an extension to IPsec to
> minimize overhead in handling of packets carrying time data,
> particularly in an SG environment. This would allow NTP to be run
> with no crypto inside the security boundary, with IPsec providing
> security outside. Is this correct? And this performs better than the
> interleaved NTP scheme with asymmetric key signatures?
>
I cannot answer for the performance but if I was worried about making
sure I got the correct time I'd be more likely to be concerned about
authenticating the server than encrypting the contents. Encryption
doesn't do a thing for ensuring you got a valid packet.

Danny