From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To: Mark Felder
Cc: freebsd-security@freebsd.org
Subject: Re: ntpd vulnerabilities
Date: Mon, 22 Dec 2014 19:12:36 +0000
Message-ID: <22925.1419275556@critter.freebsd.dk>
In-reply-to: <1419274938.916478.205831685.0E7433EA@webmail.messagingengine.com>
References: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> <201412221745.KAA28186@mail.lariat.net> <1419274938.916478.205831685.0E7433EA@webmail.messagingengine.com>

--------
In message <1419274938.916478.205831685.0E7433EA@webmail.messagingengine.com>, Mark Felder writes:

>On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
>> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
>> have none of the fixed or unfixed (!) vulnerabilities that are
>> present in ntpd. There's already a port.
>
>Historically OpenNTPD has been dismissed as a candidate because of its
>reduced accuracy and missing security features. For example, it doesn't
>implement the NTPv4 functionality or authentication.

The entire question of authenticated time protocols is very, very hairy.

The currently available protocols leave a lot to be desired, in terms of timekeeping, cryptography and (DoS) attack resistance.

Most people who need authenticated time run their own stratum-1 server, typically with a GPS receiver, sometimes more elaborate than that.

My main objection to OpenNTPD is not the lack of crypto, but that its timekeeping isn't good enough, and that it is an evolutionary dead end.

As you may have noticed, I released a first preview of Ntimed yesterday.

My goals for the ntimed-client program can almost be summarized as "Replacement for NTPD in FreeBSD's base system".

I don't think it makes sense to have the discussion of whether we should import Ntimed into FreeBSD's source tree until I have the first production release ready. There are good arguments both ways, so details will matter.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.