Usefulness of noval

Richard Laager rlaager at wiktel.com
Thu Mar 28 02:11:23 UTC 2019


On 3/27/19 6:07 PM, Gary E. Miller via devel wrote:
> On Wed, 27 Mar 2019 15:57:16 -0700
> Hal Murray via devel <devel at ntpsec.org> wrote:
> 
>> Richard Laager  said:
>>> Does NTS with noval actually buy us anything over plain NTP?  
>>
>> It's handy for debugging.
> 
> Yes.  Otherwise NTPsec could not have reached 100% at the hackathon.
> That would have been bad...
> 
>> It breaks security if the bad guy can do a MITM.
> 
> Only if the cert is not pinned.

Agreed on all counts.

>> I was thinking along the same lines.  Should we have a command line
>> switch, say "--secure", that requires nts (without noval) or shared
>> key on all servers?

I'm not sure how that helps in practice. Either someone is going to
configure their ntp.conf that way or they're not.

>> Or make that the default, and require --insecure
>> for testing.
> 
> I could see the use for --insecure.  --secure does not need an option, it
> should be the default.

I assume that a LOT of people use the pool, especially since that is how
distros default, so requiring NTS as the default is a non-starter
unless/until the (or another large public) pool supports NTS.

> The problem with command line options is that systemd makes them harder
> to change than before.

I agree that it is slightly harder to manually change just the command
line options via systemd than sysvinit. This is assuming you have gone
"full systemd" and eliminated the /etc/defaults/ntp file, which is a
reasonable assumption and the approach taken here (upstream NTPsec).

The Debian packaging is keeping a /etc/defaults/ntpsec file to stay
similar to the NTP Classic packaging and to keep systemd and sysvinit as
consistent as possible for ntpd. Debian is keeping sysvinit for various
reasons (including choice on Linux and for the kFreeBSD port). If I was
only supporting systemd, I'd go "full systemd" and drop the
/etc/defaults/ntpsec file.

Changing command line options in the config is a wash to slightly easier
if you are deploying that change via at least some automated
configuration approaches, since you are creating a new file rather than
editing a file.

> It should prolly be an ntp.conf options.  But
> then it just duplicates "noval".

Agreed.

I think the existing "noval" is fine.

-- 
Richard
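As an added example (not from the thread or from NTPsec), the "--secure" policy Hal sketched can be expressed as a lint over ntp.conf server/pool lines: every server must be NTS without noval, or shared-key authenticated. The sample config, the host names, and the use of the NTPsec `ca` option as the pinning route are assumptions.

```python
"""Lint ntp.conf server/pool lines against a "--secure" style policy."""
import shlex

# Constructed sample ntp.conf; host names and paths are placeholders.
SAMPLE_CONF = """\
# time sources
server ntp1.example.net nts iburst
server ntp2.example.net nts noval iburst
server ntp3.example.net nts ca /etc/ntpsec/ntp3-pin.pem
server 192.0.2.10 key 7
pool 2.debian.pool.ntp.org iburst
"""

REASON_KEY = 'shared-key authentication'
REASON_NTS = 'NTS with certificate validation'
REASON_PLAIN = 'plain NTP, unauthenticated'
REASON_NOVAL = 'NTS noval: certificate not validated, so a MITM is not detected'


def classify(line):
    """Return (address, verdict, reason) for a server/pool line, else None."""
    words = shlex.split(line.split('#', 1)[0])
    if len(words) < 2 or words[0] not in ('server', 'pool'):
        return None
    address, opts = words[1], words[2:]
    if 'key' in opts:
        return (address, 'ok', REASON_KEY)
    if 'nts' not in opts:
        return (address, 'insecure', REASON_PLAIN)
    if 'noval' in opts:
        # noval disables validation entirely; pinning is done instead by
        # pointing "ca" at the server's own certificate (assumed usage).
        return (address, 'insecure', REASON_NOVAL)
    return (address, 'ok', REASON_NTS)


def lint(conf_text):
    """Return [(address, reason)] for every line that violates the policy."""
    findings = []
    for line in conf_text.splitlines():
        result = classify(line)
        if result and result[1] == 'insecure':
            findings.append((result[0], result[2]))
    return findings


if __name__ == '__main__':
    for address, reason in lint(SAMPLE_CONF):
        print(f'{address}: {reason}')
```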
