ABSTRACT
Over the past several years, the IETF (Internet Engineering Task Force) has defined and evolved the IPSec infrastructure for privacy protection and source authentication in the Internet. The infrastructure includes the Encapsulating Security Payload (ESP) [1] and Authentication Header (AH) [2] for IPv4 and IPv6, as well as cryptographic algorithms such as MD5 message digest, RSA digital signature, and several variations of Diffie-Hellman key agreement. However, as demonstrated in the reports and briefings cited in the references at the end of this chapter, there is a place for the Internet public
key infrastructure (PKI) and related schemes, but none of these schemes alone satisfies the requirements of the NTP security model. The various key agreement schemes [3-5] proposed by the IETF require per-association state variables, which contradicts the principles of the remote procedure call (RPC) paradigm in which servers keep no state for a possibly large client population. An evaluation of the PKI model and algorithms as implemented in the OpenSSL library leads to the conclusion that any scheme requiring every NTP packet to carry a PKI digital signature would result in unacceptably poor timekeeping performance.
