the MSNTP feature and author, Andrew Bartlett

Hal Murray hmurray at
Mon May 25 06:35:38 UTC 2020

> bottom of docs/ntpsec.adoc

That's under Future directions.
It says:

> * Now that we have full Network Time Security, a near-future
>   direction is to remove older insecure authentication methods (MAC
>   and MS-SNTP). 

I'd be happy to drop MS-SNTP, especially if we don't have any users.

I think it will be a long time before we drop shared-key (MAC) support.  NIST 
supports it.  The (relatively) recent upgrade to use AES (RFC 8573, Jun 2019) 
indicates that there is (was) interest.  I think we should clean it up by 
putting the MAC into an extension and drop the current MAC finding kludgery 
(RFC 7822).

> I assume there are no reporting users?  Would a blog entry help, in eliciting
> response? 

A blog page seems like a good idea, especially if it says "tell us if you use 
it" for MS-SNTP.

These are my opinions.  I hate spam.

More information about the devel mailing list