Are we going to have a no-NTS-KE build option?

Hal Murray hmurray at megapathdsl.net
Wed Jan 23 20:11:45 UTC 2019


> James, you are correct.  Privileged ntpq functions require the crypto.

Not quite.

Privileged operations require a password, but it is sent in the clear.  There 
is no crypto on that path.  The packet format doesn't support it.  We could 
fix that at the cost of breaking compatibility.

The crypto is used for making cookies.  They are used to prevent DDoS 
amplification.


> Hal, I don't see requiring libcrypto/lssl as a problem.  At this point I'm
> more interested in reducing our range of build variants than I am in snipping
> off dependencies towards a (rather theoretical) crypto-less build. 

Should I remove --disable-dns-lookup?


-- 
These are my opinions.  I hate spam.





More information about the devel mailing list