From: "Julian H. Stacey"
To: Roger Marquis
cc: "Matthew X. Economou", freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
Organization: http://berklix.eu BSD Unix Linux Consultants, Munich Germany
Date: Sat, 30 Apr 2016 13:29:45 +0200

Roger Marquis wrote:
> >> What are the reasons FreeBSD has not deprecated ntpd in favor of
> >> openntpd?
> >
> > While I cannot speak for anyone other than myself, the two simply aren't
> > equivalent. As a conscious design choice, OpenNTPD trades off accuracy
> > for code simplicity.
>
> IIRC openntpd is accurate down to ~100ms. Ntpd does have a lot of
> code dedicated to additional accuracy but this is exactly the security
> trade-off I want to avoid. Who needs millisecond accuracy anyway?

AMD + NFS makes on a LAN. 1/10 second seems insufficient.
( Though one could run a faster less secure NTP on a local LAN behind
a firewall, & a slower more secure NTP on a WAN, (so a FreeBSD gate
would need both NTPs ) ).

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich http://berklix.eu/jhs/
 Mail plain text, No quoted-printable, HTML, base64, MS.doc.
 Prefix old lines '> ' Reply below old, like play script. Break lines by 80.
 Let Brits in EU vote on Brexit https://petition.parliament.uk/petitions/112142
 Lie to companies extorting personal data: Prevent abuse, loss & ID theft.