From owner-freebsd-current@FreeBSD.ORG Mon Feb 24 13:52:30 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4B5CB1D3 for ; Mon, 24 Feb 2014 13:52:30 +0000 (UTC) Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222]) by mx1.freebsd.org (Postfix) with ESMTP id 08B26188D for ; Mon, 24 Feb 2014 13:52:29 +0000 (UTC) Received: from critter.freebsd.dk (critter.freebsd.dk [192.168.61.3]) by phk.freebsd.dk (Postfix) with ESMTP id D4D8C3EB40; Mon, 24 Feb 2014 13:52:28 +0000 (UTC) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.14.7/8.14.7) with ESMTP id s1ODqRg9045249; Mon, 24 Feb 2014 13:52:28 GMT (envelope-from phk@phk.freebsd.dk) To: Joe Holden Subject: Re: ntpd replacement (Was: Re: Import of DragonFly Mail Agent) In-reply-to: <530B2DEE.3030808@rewt.org.uk> From: "Poul-Henning Kamp" References: <20140223211155.GS1699@ithaqua.etoilebsd.net> <530B13CA.6000005@rewt.org.uk> <33612.1393235765@critter.freebsd.dk> <20140224100036.GA1699@ithaqua.etoilebsd.net> <530B2500.5030608@rewt.org.uk> <37319.1393239415@critter.freebsd.dk> <530B2750.3050200@rewt.org.uk> <20140224110842.GA83610@ithaqua.etoilebsd.net> <530B2953.3030901@rewt.org.uk> <20140224111745.GA13864@roberto-aw.eurocontrol.fr> <530B2C7E.3050208@rewt.org.uk> <530B2DEE.3030808@rewt.org.uk> Content-Type: text/plain; charset=ISO-8859-1 Date: Mon, 24 Feb 2014 13:52:27 +0000 Message-ID: <45248.1393249947@critter.freebsd.dk> Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2014 13:52:30 -0000 In message <530B2DEE.3030808@rewt.org.uk>, Joe Holden writes: >The other point I should make here is that if you care that much about >time security you shouldn't be contacting ntp servers over 3rd party >networks anyway, at least not without some IP-level >encryption/authentication, or use a source that can't easily be used as >an attack surface, such as GPS/MSF etc. Please check how NTP is authenticated before giving bad advice, it's all in the RFC. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.