[ipxe-devel] SSL certificate validation and NTP

Terry Burton tez at terryburton.co.uk
Thu Mar 29 18:33:58 UTC 2012


On 29 March 2012 18:56, Terry Burton <tez at terryburton.co.uk> wrote:
> On 22 March 2012 17:37, Michael Brown <mbrown at fensystems.co.uk> wrote:
>> On Thursday 22 Mar 2012 17:05:19 Phil Martin wrote:
>>> I've been experimenting with the HTTPS functions in iPXE over the last
>>> day or so. Since you've enabled the checking of the certificate
>>> validity period, will you be including some sort of NTP functionality
>>> to set the system clock before checking the certificate? Currently, if
>>> for some reason a machine has lost time (or doesn't have a CMOS clock
>>> at all), it will fail to boot over HTTPS as the certificate won't yet
>>> be valid, according to the machine's clock at least. Perhaps it could
>>> use the NTP servers at pool.ntp.org by default, but be overridden if
>>> option 42 was specified in DHCP?
>>
>> Wouldn't that make the validity period check essentially worthless, since a
>> man-in-the-middle attacker could simply fake the current NTP time?  How can we
>> do this securely?
>
> NTP has a concept of authentication using shared secrets that can be
> used for this. If a client sends an NTP request along with AUTH data
> using a shared-key that the server recognises and can validate then
> the response will be sent with corresponding AUTH data that the client
> can validate.

If divulging the shared key held in the iPXE image is a concern,
then recent NTP software also seems to support public-key crypto
("AutoKey"); however, I have no operational experience with this. I
might have a go at migrating my NTP infrastructure to this and report
back...

http://support.ntp.org/bin/view/Support/ConfiguringAutokey

Hope this helps.
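
The symmetric-key exchange described in the quoted reply above, as an added example that is not part of the original message or of iPXE: both sides append the RFC 5905 MAC (a 32-bit key ID followed by MD5 over the key and the 48-byte header), and the client rejects any reply whose MAC or origin timestamp does not match its request. The key, key ID and timestamps are constructed values.

```python
import hashlib
import hmac
import struct

KEYS = {1: b"constructed-demo-key"}   # key ID -> shared secret (constructed values)
HDR = 48                               # NTP header length in bytes

def mac(key_id, header):
    """Symmetric-key MAC as in RFC 5905: 32-bit key ID + MD5(key || header)."""
    return struct.pack("!I", key_id) + hashlib.md5(KEYS[key_id] + header).digest()

def build_packet(mode, origin_ts, transmit_ts, key_id=1):
    """NTPv4 header (mode 3 = client, 4 = server) followed by its MAC."""
    header = struct.pack("!BBbbII4s", (4 << 3) | mode, 2 if mode == 4 else 0,
                         6, -20, 0, 0, b"\0" * 4)
    # reference, origin, receive, transmit timestamps (64 bits each)
    header += struct.pack("!QQQQ", 0, origin_ts, 0, transmit_ts)
    return header + mac(key_id, header)

def verify_reply(request, reply):
    """Return the server transmit timestamp, or None if the reply is rejected."""
    if len(reply) != HDR + 20:
        return None                                   # missing or wrong-size MAC
    header, tail = reply[:HDR], reply[HDR:]
    key_id = struct.unpack("!I", tail[:4])[0]
    if key_id not in KEYS or not hmac.compare_digest(mac(key_id, header), tail):
        return None                                   # unknown key or bad digest
    origin, _, transmit = struct.unpack("!QQQ", header[24:48])
    sent = struct.unpack("!Q", request[40:48])[0]
    if header[0] & 0x07 != 4 or origin != sent:
        return None                                   # not a reply to this request
    return transmit

def demo():
    request = build_packet(3, 0, 0x1122334455667788)
    good = build_packet(4, 0x1122334455667788, 0xD31F5A0000000000)
    tampered = bytearray(good)
    tampered[40] ^= 0x01          # time changed in transit, MAC no longer matches
    stale = build_packet(4, 0x0102030405060708, 0xD31F5A0000000000)  # other request
    return (verify_reply(request, good), verify_reply(request, bytes(tampered)),
            verify_reply(request, stale))

if __name__ == "__main__":
    print(demo())
```

Only a reply that passes both checks should be allowed to set the clock used for the certificate validity check.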


