Deciding what modes to keep.
Eric S. Raymond
esr at thyrsus.com
Thu Sep 29 23:19:28 UTC 2016
Mark, heads up! Possible policy/PR issue.
I have merged Daniel Franke's refactoring of the NTP protocol machine.
It seems to work. However, there are some operation modes of Classic
that may be broken and need fixing.
After the refactor:
(1) Interleave mode is outright gone. This is OK, as it never actually
worked right; Daniel found a bug in the timestamp handling.
(2) Broadcast and symmetric modes may now be broken. Or possibly they
should be removed; that is the question.
Most of the time NTP hosts use simple unicast connections - communications
are in effect bidirectional pipes between one one client and one server. (Of
course each client and server may have multiple such associations).
Symmetric mode is a special mode two NTP hosts can enter when they are
mutually clients to each other; it cuts packet traffic in half. It's
just a performance hack - synchronization behavior
Daniel reports that broadcast modes (including multicast and manycast
modes) are, basically, impossible to secure. They are vulnerable to
replay attacks; one such was reported in June 2016.
So, the question for our domain experts is, are there any serious use
cases for broadcast modes? They cost a lot in configuration and
code complexity; it would be nice to just drop them. How much
screaming might that cause from actual users?
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
More information about the devel