SINGLESOCK - How much to strip away?
Eric S. Raymond
esr at thyrsus.com
Sat Jun 2 19:08:52 UTC 2018
Gary E. Miller via devel <devel at ntpsec.org>:
> Yo Eric!
> On Sat, 2 Jun 2018 10:27:05 -0400
> "Eric S. Raymond via devel" <devel at ntpsec.org> wrote:
> > Hal Murray via devel <devel at ntpsec.org>:
> > > One interesting case is the home user. Roughly, they don't have
> > > sysadmins and they only have one interface. (Laptops might have
> > > both WiFi and Ether, but I'll bet somebody turns off WiFi if the
> > > Ether gets plugged in.)
> > For them, just defaulting to listen on the wildcard address is OK.
> > I think. Am I missing something?
> Yes. For example, imagine you are serving leap smeared time on your
> ntpd. You do not want it leaking on the internet. So instead you lock
> your ntpd to serve just your inside interface, and your internal IPs.
> The easy way to serve your internal IPs is to assign your ntpd to your
> internal non-routed local private IPv4 numbers.
> You may say that can be duplicated in your firewall settings. But maybe
> you want to run two ntpd, one leap smeared, one normal. And you want to
> put one on one interface/address, and the other on another interface/address.
> Both quite common configurations.
For a home user????
I think we're failing to distinguish some cases here.
Mark, would you explain how you think an admin would handle such a scenario
under Case OMEGA? I certainly don't have a clue.
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.