Hash function support, MD5 / SHA256, strawman proposal

Kurt Roeckx kurt at roeckx.be
Fri Jan 27 23:26:04 UTC 2017


On Fri, Jan 27, 2017 at 03:00:42PM -0800, Hal Murray wrote:
> 
> fallenpegasus at gmail.com said:
> > How hard would the following be?
> > Just go ahead and add SHA256 to NTPsec, then write an I-D modifying the NTP4
> > protocol documenting it, then write a patch to NTP classic for it.
> > (yes, I know, icky code)
> 
> I think you are overlooking how long it takes to update the installed base.

Just to compare this with SSL/TLS: SSLv3 has existed since 1996. There
are still web servers on the internet that only speak SSLv2 in the top
1 million sites. So if you really care that you can still talk to
all servers, you would need to support things for over 20 years.

But at a certain point we're willing to break things. No modern
web browser will talk to those servers. And if they want you to
talk to them, they'll just have to upgrade. And the question
really becomes how much you're willing to break. And it seems that
most people don't care about 0.1%.

> CentOS 6.8 and NetBSD 6.1.5 are still shipping ntp 4.2.6p5
> (I assume they have backported all the important security patches.)
> 4.2.8 was released at the end of 2014

I think Red Hat supports their releases for 10 years, so you'll
probably still get near 10 years that you might see 4.2.6 servers.


Kurt


