On Thu, 8 Dec 2016 10:47, Per Jessen wrote:
Andrei Borzenkov wrote:
On Thu, Dec 8, 2016 at 12:30 PM, Per Jessen wrote:
I got it building now, but for my setup, even with '--enable-classic-mode', so far I'm missing 'broadcastclient' and 'multicastclient' - it's not a drop-in replacement.
--><-- The broadcast/multicast scheme is deprecated in NTPsec due to irreparable security flaws. Client-side support has been removed. Server-side support remains present but may be removed in a future version, and its use is strongly discouraged. --><--
Yep, I posted on the ntpsec user list too, and ESR told me the same.
I probably can't quite grasp all the security implications, but using those options in a closed network doesn't seem to be overly risky?
I followed such a discussion some years ago, in the end the consent was: ... broadcast/multicast is "theoretically" acceptable for a closed, "management only" network.

BUT, (and notice the capitals) how could we (as programmers) ensure that these conditions (closed, "management only") are kept in the reality out there? - The answer is: we can not, and thus for the safety of all, let's not include such potential security risk, other long lived projects (such as ntp, xorg, dns, ssl) have shown that such code will be the first to deteriorate and open the doors for attacks.

IMHO, network traffic has become too cheap to ensure that the network-management people are trained enough to ensure a reliably safe setup in 'el-cheapo' (dsl-/docsis-/lte-)routers and gateways to allow such a potential risk to get in the base code at all.

Maybe in a dedicated software (call it "ntp-multicast-server/client") with the appropriate warning, and a "never ever route at all, not even go over vpn" code.

- Yamaban.
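As an added illustration that is not part of the thread (the directives are standard ntpd/NTPsec ones; the hostnames are placeholders): the classic broadcast-client configuration that NTPsec no longer accepts, next to an explicit unicast configuration that both daemons accept.

```conf
# --- Classic ntpd: the deprecated scheme (rejected by NTPsec) ---
# The client accepts time from whatever host broadcasts on the
# segment; with 'disable auth' the packets are unauthenticated,
# which is the flaw the NTPsec documentation refers to above.
disable auth
broadcastclient
multicastclient 224.0.1.1

# --- Unicast replacement accepted by NTPsec (and classic ntpd) ---
# Each source is named explicitly, so a rogue broadcaster on the
# segment is never consulted. Hostnames below are placeholders.
driftfile /var/lib/ntp/drift
server ntp1.mgmt.example.net iburst
server ntp2.mgmt.example.net iburst

# Answer time queries only; refuse modification and status queries
# from other hosts, allow them from the local machine.
restrict default kod limited nomodify noquery
restrict 127.0.0.1
restrict ::1

# Check after restart: 'ntpq -p' should list both servers, with the
# reach column climbing toward 377 within a few minutes.
```

The two halves are alternatives for the same file, not meant to be loaded together.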