SINGLESOCK - How much to strip away?
Eric S. Raymond
esr at thyrsus.com
Sat Jun 2 19:08:52 UTC 2018
Gary E. Miller via devel <devel at ntpsec.org>:
> Yo Eric!
>
> On Sat, 2 Jun 2018 10:27:05 -0400
> "Eric S. Raymond via devel" <devel at ntpsec.org> wrote:
>
> > Hal Murray via devel <devel at ntpsec.org>:
> > > One interesting case is the home user. Roughly, they don't have
> > > sysadmins and they only have one interface. (Laptops might have
> > > both WiFi and Ether, but I'll bet somebody turns off WiFi if the
> > > Ether gets plugged in.)
> >
> > For them, just defaulting to listen on the wildcard address is OK.
> > I think. Am I missing something?
>
> Yes. For example, imagine you are serving leap smeared time on your
> ntpd. You do not want it leaking on the internet. So instead you lock
> your ntpd to serve just your inside interface, and your internal IPs.
>
> The easy way to serve your internal IPs is to assign your ntpd to your
> internal non-routed local private IPv4 numbers.
>
> You may say that can be duplicated in your firewall settings. But maybe
> you want to run two ntpd, one leap smeared, one normal. And you want to
> put one on one interface/address, and the other on another interface/address.
>
> Both quite common configurations.

For a home user????

I think we're failing to distinguish some cases here.

Mark, would you explain how you think an admin would handle such a scenario
under Case OMEGA? I certainly don't have a clue.
--
Eric S. Raymond <http://www.catb.org/~esr/>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.