Are we going to have a no-NTS-KE build option?

Eric S. Raymond esr at thyrsus.com
Wed Jan 23 22:35:25 UTC 2019


Hal Murray <hmurray at megapathdsl.net>:
> 
> > James, you are correct.  Privileged ntpq functions require the crypto.
> 
> Not quite.
> 
> Privileged operations require a password, but it is sent in the clear.  There 
> is no crypto on that path.  The packet format doesn't support it.  We could 
> fix that at the cost of breaking compatibility.

Can't see the point of doing that unless we're going to scrap the existing
mode 6 for a better design.  Which I'd enjoy doing, but I don't see it as
very important - ntpq works fine for its common use cases, it's just kind
of nasty if you look under the hood.

Generally Mills's design choices can be described as...hm...quirky,
but pretty tasteful and occasionally quite brilliant considering the
technology constraints he was working under.  Not on Mode 6. Parts
of that are just inexplicably bad in ways that would have been just
as easy to get right.

The two worst things are:

1. To interpret responses correctly your client needs to know whether
the query was for system variables or not.  That's just *wrong*, bad
design - that bit ought to be included in the invariant portion of
each response so the client code can be stateless.  But it can't be -
I looked, and there aren't any spare bits in the response header.

2. The strange half-assed combination of a binary header block with a
text payload - all the disadvantages of both choices and the advantages
of neither.  It's like Mills got 85% of the way to JSON in his mind
but had a paralyzing attack of EE thinking and didn't follow through.

(EE thinking = "Every bit is sacred!  Wire protocols must never waste
even one, even if this makes them fragile and unreasonably difficult
to troubleshoot.")

> > Hal, I don't see requiring libcrypto/lssl as a problem.  At this point I'm
> > more interested in reducing our range of build variants than I am in snipping
> > off dependencies towards a (rather theoretical) crypto-less build. 
> 
> Should I remove --disable-dns-lookup?

If you don't see a concrete use case for it, yes, do that.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
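
The Mode 6 layout discussed in the message above, a fixed binary header in front of a text variable list, parsed in Python as an added example; it is not part of the original post and not NTPsec's code. The header layout follows RFC 1305 Appendix B / RFC 9327, the sample packet and its status word are constructed, and the status word is returned undecoded.

```python
import struct

# Fixed 12-byte Mode 6 header: LI/VN/Mode, R/E/M/opcode, then five 16-bit fields.
HEADER = struct.Struct("!BBHHHHH")

def parse_varlist(text):
    """Parse 'name=value,name="quoted, value"' pairs; commas inside quotes are kept."""
    items, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            items.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    items.append("".join(buf))
    out = {}
    for item in items:
        name, _, value = item.strip().partition("=")
        if name:
            out[name] = value.strip().strip('"')
    return out

def parse_mode6(packet):
    """Split a Mode 6 response into binary header fields and text variables."""
    if len(packet) < HEADER.size:
        raise ValueError("short packet")
    b0, b1, seq, status, associd, offset, count = HEADER.unpack_from(packet)
    if b0 & 0x07 != 6:
        raise ValueError("not a mode 6 packet")
    data = packet[HEADER.size:HEADER.size + count]
    if len(data) != count:
        raise ValueError("count field exceeds packet length")
    return {
        "version": (b0 >> 3) & 0x07,
        "response": bool(b1 & 0x80), "error": bool(b1 & 0x40),
        "more": bool(b1 & 0x20), "opcode": b1 & 0x1F,
        "sequence": seq, "status": status, "associd": associd,
        "offset": offset,
        "variables": parse_varlist(data.decode("ascii", "replace")),
    }

# Constructed sample: a read-variables (opcode 2) response for association ID 0.
_payload = b'version="ntpd sample, constructed",stratum=2,offset=-0.123\r\n'
SAMPLE = HEADER.pack((4 << 3) | 6, 0x80 | 2, 1, 0x0615, 0, 0, len(_payload)) + _payload
```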



