Security and standalone Stratum 1.
Gary E. Miller
gem at rellim.com
Wed May 11 18:34:13 UTC 2016
Yo Eric!
On Wed, 11 May 2016 14:28:05 -0400
"Eric S. Raymond" <esr at thyrsus.com> wrote:
> Gary E. Miller <gem at rellim.com>:
> > 5. Disallow internal system to seek NTP from other sources beyond
> > your edge routers.
>
> But now I learn that we apparently can't do that, because (according
> to Gary) a Stratum 1 requires a minimum of three good chimers for the
> source-selection algoritms to stay sane.
Well, 'requires' is an interesting word. ntpd will work with just
one preferred refclock and no peers/servers, but it is not a good
idea.
In the last day there have been many horror stories of GPS and NTP
gone wild to bad effect. Redundancy is the answer.
> This strkes me as a problem. Note to self: investigate orphan mode.
And read the current thread "Re: NIST NTP Servers" for the current state
of understanding of people that should know better. Many useful war
stories and some frightful cluelessness.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntpsec.org/pipermail/devel/attachments/20160511/8b508553/attachment.bin>
More information about the devel
mailing list