Are we going to have a no-NTS-KE build option?
Hal Murray
hmurray at megapathdsl.net
Wed Jan 23 20:11:45 UTC 2019
> James, you are correct. Privileged ntpq functions require the crypto.
Not quite.
Privileged operations require a password, but it is sent in the clear. There
is no crypto on that path. The packet format doesn't support it. We could
fix that at the cost of breaking compatibility.
The crypto is used for making cookies. They are used to prevent DDoS
amplification.
> Hal, I don't see requiring libcrypto/lssl as a problem. At this point I'm
> more interested in reducing our range of build variants than I am in snipping
> off dependencies towards a (rather theoretical) crypto-less build.
Should I remove --disable-dns-lookup?
--
These are my opinions. I hate spam.
More information about the devel
mailing list