Mills@udel.edu (05/22/91)
Folks,

You probably have not noticed that erstwhile NTP stratum-2 server lilben.tn.cornell.edu (192.35.82.50) has been retired and replaced by a Unix box running xntp at the same address. While the accuracy may have suffered a factor of ten, most of you won't care much about that. However, the xntp configuration does not include crypto-authentication, which has been a required feature of all the fuzzball primary and secondary servers, as well as some Unix/xntp installations that cared to participate in the top-level system.

It might well be that the Cornfolk may elect to bring up the crypto and I encourage them to do that; however, this brings up the wider issue. As evident from the care I put in the spec and in my own implementations, I feel that any server which can be wholly trusted must maintain a solidly authenticated path to the primary server(s) and, at all costs, the primary servers must maintain fallback paths using their own secret keys. As excuse for my paranoia, consider the case where somebody manages to warp a bunch of primary or secondary servers with a massive attack of fake stratum-1 falsetickers. You may kiss your archives goodbye.

Therefore, I would like to encourage those of you who care and who have the necessary oomph to craft your xntp configuration tables accordingly to bring up the authentication option. If you manage to do that and are willing to burn the modest CPU cycles to munge the crypto-checksum, I would be glad to supply the requisite key(s). Sure, this informal key-distribution scheme will be a laugh to my more learned friends, but it may also be pragmatically prudent.

Dave