Technical Summary
This document describes the Autokey security model for
authenticating servers to clients using the Network Time Protocol
(NTP) and public key cryptography. Its design is based on the
premise that IPSEC schemes cannot be adopted intact, since that
would preclude stateless servers and severely compromise timekeeping
accuracy. In addition, PKI schemes presume authenticated time values
are always available to enforce certificate lifetimes; however,
cryptographically verified timestamps require interaction between
the timekeeping and authentication functions.

This document includes the Autokey requirements analysis, design
principles and protocol specification. A detailed description of the
protocol states, events and transition functions is included. A
prototype of the Autokey design based on this memo has been
implemented, tested and documented in the NTP Version 4 (NTPv4)
software distribution for Unix, Windows and VMS at
http://www.ntp.org.

Working Group Summary
The NTP working group has done extensive reviews of this document,
and it reflects the consensus of the working group.

Document Quality
This document has been reviewed by several members of the
ntpwg@lists.ntp.org mailing list and by the NTP WG chairs.

Personnel
Karen O'Donoghue is the responsible document shepherd.
Ralph Droms is the responsible Area Director.