From owner-freebsd-current@FreeBSD.ORG  Mon Feb 24 13:52:30 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4B5CB1D3
 for <freebsd-current@freebsd.org>; Mon, 24 Feb 2014 13:52:30 +0000 (UTC)
Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222])
 by mx1.freebsd.org (Postfix) with ESMTP id 08B26188D
 for <freebsd-current@freebsd.org>; Mon, 24 Feb 2014 13:52:29 +0000 (UTC)
Received: from critter.freebsd.dk (critter.freebsd.dk [192.168.61.3])
 by phk.freebsd.dk (Postfix) with ESMTP id D4D8C3EB40;
 Mon, 24 Feb 2014 13:52:28 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
 by critter.freebsd.dk (8.14.7/8.14.7) with ESMTP id s1ODqRg9045249;
 Mon, 24 Feb 2014 13:52:28 GMT (envelope-from phk@phk.freebsd.dk)
To: Joe Holden <lists@rewt.org.uk>
Subject: Re: ntpd replacement (Was: Re: Import of DragonFly Mail Agent)
In-reply-to: <530B2DEE.3030808@rewt.org.uk>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
References: <20140223211155.GS1699@ithaqua.etoilebsd.net>
 <CAFY7cWBh0ThajQpK4wZYj0wPrhTL608wtNDQNvOLnryjp4_jCg@mail.gmail.com>
 <530B13CA.6000005@rewt.org.uk> <33612.1393235765@critter.freebsd.dk>
 <20140224100036.GA1699@ithaqua.etoilebsd.net> <530B2500.5030608@rewt.org.uk>
 <37319.1393239415@critter.freebsd.dk> <530B2750.3050200@rewt.org.uk>
 <20140224110842.GA83610@ithaqua.etoilebsd.net> <530B2953.3030901@rewt.org.uk>
 <20140224111745.GA13864@roberto-aw.eurocontrol.fr>
 <530B2C7E.3050208@rewt.org.uk> <530B2DEE.3030808@rewt.org.uk>
Content-Type: text/plain; charset=ISO-8859-1
Date: Mon, 24 Feb 2014 13:52:27 +0000
Message-ID: <45248.1393249947@critter.freebsd.dk>
Cc: freebsd-current@freebsd.org
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 13:52:30 -0000

In message <530B2DEE.3030808@rewt.org.uk>, Joe Holden writes:

>The other point I should make here is that if you care that much about 
>time security you shouldn't be contacting ntp servers over 3rd party 
>networks anyway, at least not without some IP-level 
>encryption/authentication, or use a source that can't easily be used as 
>an attack surface, such as GPS/MSF etc.

Please check how NTP is authenticated before giving bad advice,
it's all in the RFC.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.