Brian Utterback wrote: > Danny Mayer wrote: > >> David Schwartz wrote: >> >>> "Danny Mayer" <[EMAIL PROTECTED]> wrote in message >>> news:[EMAIL PROTECTED] >>> >>> >>> >>>> No it is not a flaw in the protocol design. It would be if it were put >>>> in. The address doesn't belong there, it belongs in the IP header which >>>> the receiving server always gets. >>> >>> >>> >>> It is a flaw. Its absence requires the receiver to assume that the >>> origin address of the UDP packet received is the IP address of the >>> sending server. This assumption may or may not be correct. But if the >>> address were in there, the assumption would not be needed. >>> >> >> >> Absolutely not. That would be a layering violation. Verification is done >> through key exchange and the MAC section in the NTP packet. > > > If that is a layering violation, then why do you need to know both the > source and destination address of each NTP packet to authenticate it? >
I refer you to the autokey protocol. Danny _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
