Deciding what modes to keep.

Daniel Franke dfoxfranke at gmail.com
Fri Sep 30 00:30:49 UTC 2016


On Sep 29, 2016 8:22 PM, "Eric S. Raymond" <esr at thyrsus.com> wrote:
>
> Gary E. Miller <gem at rellim.com>:
> > > But we have one mission imperative that trumps drop-in replacement:
> > > security.  And what makes these modes targets for removal is that,
> > > according to Daniel, they are fundamentally impossible to secure.
> >
> > I would split that hair.  Maybe ntpd could still send broadcast, there
> > are a lot of legacy clients that can not be updated.  But not
> > accept broadcast in.
>
> That is an interesting idea!
>
> > I'm not exactly sure what modes you are dropping, but dropping 'peer'
> > mode would be a serious PITA for the installed base.  Trying to
> > update an old router, without a support contract, is pretty much
> > impossible.  At least not without some license or legal violation.
>
> Ordinary peer mode is unicast, yes?  No way we'd ever drop that.

Peer mode is a synonym for symmetric mode which we discussed on the phone
earlier today. It has some security problems and no good justification for
existing, and when we discussed it at IETF 96 nobody knew of any users. My
NTS proposal will be able to solve the security issues. In contrast, I
don't currently have any solution for securing broadcast clients.