Security and standalone Stratum 1.

Gary E. Miller gem at rellim.com
Wed May 11 18:34:13 UTC 2016


Yo Eric!

On Wed, 11 May 2016 14:28:05 -0400
"Eric S. Raymond" <esr at thyrsus.com> wrote:

> Gary E. Miller <gem at rellim.com>:
> > 5. Disallow internal system to seek NTP from other sources beyond
> > your edge routers.  
> 
> But now I learn that we apparently can't do that, because (according
> to Gary) a Stratum 1 requires a minimum of three good chimers for the
> source-selection algorithms to stay sane.

Well, 'requires' is an interesting word.  ntpd will work with just
one preferred refclock and no peers/servers, but it is not a good
idea.

In the last day there have been many horror stories of GPS and NTP
gone wild to bad effect.  Redundancy is the answer.

> This strikes me as a problem.  Note to self: investigate orphan mode.

And read the current thread "Re: NIST NTP Servers" for the current state
of understanding of people that should know better.  Many useful war
stories and some frightful cluelessness.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588