Hi Teru,
The CallManager platform OS does not support the use of authenticated NTP. This function is required to better secure the network infrastructure. Without the use of NTP authentication, ACLs on the routers are necessary to ensure proper communication. NTP becomes more of an issue now that CallManagers are using certificates because the modification of the network time can invalidate certificates. For example:
1. Attacker changes year to 2006
2. Certificates are issued with a start year of 2006
3. Attacker changes year back to 2005
In other words, issuing certificates with a start year of "2006" and then means that those devices will not be able to function properly until 2006. NTP could be used as a form of denial of service. This is a request to provide NTP authentication support in the CallManagers to work with Cisco IOS NTP authentication, to be used in conjunction with ACLs.
We filed a DDTS for this as an enhancement.