Deciding what modes to keep.
Eric S. Raymond
esr at thyrsus.com
Fri Sep 30 00:22:02 UTC 2016
Gary E. Miller <gem at rellim.com>:
> > But we have one mission imperative that trumps drop-in replacement:
> > security. And what makes these modes targets for removal is that,
> > according to Daniel, there are fundamentally impossible to secure.
>
> I would split that hair. Maybe ntpd could still send broadcast, there
> are a lot of legacy clients that can not be updated. But not
> accept broadcast in.
That is an interesting idea!
> I not exactly sure what modes you are dropping, but dropping 'peer'
> mode would be a serious PITA for the isntalled base. Trying to
> update an old router, without a support contract, is pretty much
> impossible. At least not without some license or legal violation.
Ordinary peer mode is unicast, yes? No way we'd ever drop that.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: not available
URL: <http://lists.ntpsec.org/pipermail/devel/attachments/20160929/de01cee3/attachment.bin>
More information about the devel
mailing list