On 7/27/2010 7:01 PM, Doug Arnold wrote:
> Hi Greg,
>
> I agree, and I suspect that femtocells is not the only application
> where this will come up. If a network operator is encrypting everything
> else, they are not going to want to make an exception for ptp, just
> because encryption isn't required.

I'm not suggesting you do something different for PTP packets than any other packets, but if you start to use IPSec you must ask yourself the follow-up question: IPSec is itself dependent on accurate time and initially you don't know how accurate the clocks are. People forget that there are built-in assumptions made about certificates and all of the IPSec infrastructure that depends on the clock already being accurate. Consider what happens when your system clock gets set back to 1969 because it doesn't have a TOY. Can you even create an IPSec connection?

This is the reason why NTP's Autokey (RFC 5906 - it's nice to finally have an RFC to quote!) goes to such lengths in its authentication mechanism to validate just the server. You cannot depend on the accuracy of the clocks at either end while negotiating the autokey.

> Timing is often an afterthought on a network which was designed for
> other things. Timing has to work on a network that might be very
> different from one which we would design to make timing work optimally.

Agreed.

Danny
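
The clock dependency described in the message above, as an added example that is not part of the original e-mail: a Python sketch that evaluates a certificate chain's validity windows against three different local clocks. The chain, its subject names and its dates are constructed sample data, and the helper names are hypothetical.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample chain (names and dates are made up). The validity fields
# use the text form that ssl.SSLSocket.getpeercert() returns.
CHAIN = [
    {"subject": "gateway.example",
     "notBefore": "Jan  4 00:00:00 2010 GMT", "notAfter": "Jan  4 00:00:00 2012 GMT"},
    {"subject": "Example Operator CA",
     "notBefore": "Jun  1 00:00:00 2005 GMT", "notAfter": "Jun  1 00:00:00 2025 GMT"},
]

def check_validity(cert, now):
    """Classify one certificate against the local clock (epoch seconds)."""
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "not-yet-valid"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return "expired"
    return "ok"

def chain_window(chain):
    """Interval (start, end) in which every certificate in the chain is valid."""
    start = max(ssl.cert_time_to_seconds(c["notBefore"]) for c in chain)
    end = min(ssl.cert_time_to_seconds(c["notAfter"]) for c in chain)
    return start, end

def evaluate(chain, now):
    """Return (per-certificate verdicts, True if the whole chain is usable)."""
    verdicts = {c["subject"]: check_validity(c, now) for c in chain}
    return verdicts, all(v == "ok" for v in verdicts.values())

def epoch(year, month, day):
    """UTC midnight of the given date as epoch seconds."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    clocks = [
        # Epoch 0 is 1970-01-01 UTC, displayed as late 1969 west of UTC.
        ("clock reset to epoch", 0),
        ("clock correct (2010-07-27)", epoch(2010, 7, 27)),
        ("clock far ahead (2030-01-01)", epoch(2030, 1, 1)),
    ]
    for label, now in clocks:
        print(label, evaluate(CHAIN, now))
```

With the clock at the epoch every certificate is rejected as not yet valid, so certificate-based authentication fails for reasons unrelated to the peer's credentials.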
