Brian Utterback wrote:
> Danny Mayer wrote:
>
>> Brian Utterback wrote:
>>
>>> If that is a layering violation, then why do you need to know both the
>>> source and destination address of each NTP packet to authenticate it?
>>
>> I refer you to the autokey protocol.
>
> Circular reasoning again. This is a "what is" argument. Couldn't the
> autokey protocol be redesigned not to rely on the IP addresses?

I didn't design the autokey protocol and have not reviewed it. However, from what I understand, the IP addresses are used as seeds for the authentication codes and ensure that it only works between two specific endpoints, so MIM attacks are virtually impossible.

Danny
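A simplified sketch of the address binding discussed in this thread, added here and not part of the original post or the NTP code base. It follows the autokey construction documented in RFC 5906 (MD5 over sender address, receiver address, key ID and cookie) and the MD5(key || header) digest used for the packet MAC. The addresses, key ID, cookie and all-zero header are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct


def autokey(src: str, dst: str, key_id: int, cookie: int) -> bytes:
    """Autokey = MD5(sender IP || receiver IP || key ID || cookie), network byte order."""
    material = (
        ipaddress.ip_address(src).packed
        + ipaddress.ip_address(dst).packed
        + struct.pack("!II", key_id, cookie)
    )
    return hashlib.md5(material).digest()


def packet_mac(key: bytes, ntp_header: bytes) -> bytes:
    """Keyed digest over the NTP header: MD5(key || header)."""
    return hashlib.md5(key + ntp_header).digest()


def verify(src_seen: str, dst_seen: str, key_id: int, cookie: int,
           ntp_header: bytes, mac: bytes) -> bool:
    """The receiver rebuilds the key from the addresses it actually observed."""
    expected = packet_mac(autokey(src_seen, dst_seen, key_id, cookie), ntp_header)
    return hmac.compare_digest(expected, mac)


# Constructed sample values: documentation address ranges, arbitrary key ID and cookie.
SERVER, CLIENT, OTHER = "192.0.2.10", "198.51.100.7", "203.0.113.99"
KEY_ID, COOKIE = 0x1A2B3C4D, 0x0BADC0DE
HEADER = bytes(48)  # placeholder for a 48-byte NTP header


def demo() -> dict:
    """MAC computed for SERVER -> CLIENT, then checked under three observed address pairs."""
    mac = packet_mac(autokey(SERVER, CLIENT, KEY_ID, COOKIE), HEADER)
    return {
        "same_endpoints": verify(SERVER, CLIENT, KEY_ID, COOKIE, HEADER, mac),
        "source_rewritten": verify(OTHER, CLIENT, KEY_ID, COOKIE, HEADER, mac),
        "dest_rewritten": verify(SERVER, OTHER, KEY_ID, COOKIE, HEADER, mac),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

In the two rewritten cases the receiver derives a different key from the addresses it sees, so the MAC no longer verifies even though the key ID, cookie and header are unchanged.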
