From: "Poul-Henning Kamp"
To: Christian Weisgerber
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
Date: Sat, 30 Apr 2016 14:27:17 +0000
Message-ID: <46858.1462026437@critter.freebsd.dk>
References: <20160429082953.DB31D1769@freefall.freebsd.org> <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu> <1461929003.67736.2.camel@yandex.com> <201604300015.u3U0FB3k058050@lorvorc.mips.inka.de>

--------
In message , Christian Weisgerber writes:

>On 2016-04-29, Roger Marquis wrote:
>
>>> While I cannot speak for anyone other than myself, the two simply aren't
>>> equivalent. As a conscious design choice, OpenNTPD trades off accuracy
>>> for code simplicity.
>>
>> IIRC openntpd is accurate down to ~100ms.
>
>I have no idea where you get that absurd number from. OpenNTPD is
>accurate at least down to 1 ms. I don't have better time sources.

Uhm....

So I hate to be pedantic, but "accurate to 1msec" means:

	Clock is UTC +/- 1msec

The "accuracy" you claim, and the numbers you report to back it up, means:

	Clock is within 1 msec of half the filtered RTT to the chosen peer.

By pure chance your clock might be accurate to 1msec, but you have no
way of knowing from the numbers you report, and it is virtually
impossible to prove without a GPS or similar non-network time source.

If the numbers you report always look like that, it would be correct
to claim that it "can track to within 1msec".

But don't worry: Accuracy is not the important part of timekeeping
anyway.

Stability is far more valuable than accuracy, because you can
compensate inaccuracy with any desired precision, but there is only
the genuine article when it comes to stability.

If your peer-offset is always less than a millisecond, chances are
good that you are yanking your clock around to track changes in
network delay, which ruins both stability and accuracy.

The best explanation of all this is John R. Vig's Quartz Tutorial,
which is freely available on the web - highly recommended:

http://www.am1.us/Local_Papers/U11625%20VIG-TUTORIAL.pdf

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
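An added illustration, not part of the thread, of the distinction made above between "within 1 ms of the peer" and "within 1 ms of UTC": the standard NTP offset computation assumes the request and reply take equally long, so any path asymmetry is silently absorbed into the client clock while the reported offset still reads near zero. Function names and the delay values are constructed for the example.

```python
"""Added example, not from the mailing-list thread: why a peer offset
that reads 'within 1 ms' says nothing about distance from UTC.

An NTP client derives offset and round-trip delay from the four
timestamps of one exchange (RFC 5905, section 8):
    delay  = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2
The offset formula assumes symmetric path delay; any asymmetry is
halved and becomes an invisible clock error.  Delays are constructed
values in seconds."""


def ntp_offset_and_delay(t1, t2, t3, t4):
    """Offset of the server clock relative to ours, and round-trip delay."""
    delay = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    return offset, delay


def simulate_exchange(clock_error, out_delay, back_delay, t_server=1000.0):
    """Build one exchange against a perfect server.  Our clock reads
    true time + clock_error; the path has the given one-way delays."""
    t2 = t_server                          # server receives request (true time)
    t3 = t_server                          # server answers at once (true time)
    t1 = (t2 - out_delay) + clock_error    # our send stamp, in our clock
    t4 = (t3 + back_delay) + clock_error   # our receive stamp, in our clock
    return ntp_offset_and_delay(t1, t2, t3, t4)


def track_peer(rounds, clock_error=0.0):
    """Step our clock by the full reported offset after each exchange (a
    deliberately crude discipline that makes the effect obvious).
    Returns [(reported_offset, true_error_after_step), ...] in seconds."""
    history = []
    for out_delay, back_delay in rounds:
        offset, _ = simulate_exchange(clock_error, out_delay, back_delay)
        clock_error += offset              # 'correct' to what the peer implies
        history.append((round(offset, 6), round(clock_error, 6)))
    return history


if __name__ == "__main__":
    # Symmetric 10 ms path, then 40/10 ms asymmetry twice, then flipped.
    rounds = [(0.010, 0.010), (0.040, 0.010), (0.040, 0.010), (0.010, 0.040)]
    for (o, b), (reported, true_err) in zip(rounds, track_peer(rounds)):
        print(f"path {o*1e3:3.0f}/{b*1e3:3.0f} ms  reported offset "
              f"{reported*1e3:+7.3f} ms  true error {true_err*1e3:+7.3f} ms")
    # Round 3 reports offset 0 while the clock is truly 15 ms off; round 4
    # then yanks it 30 ms the other way: it tracks the path, not UTC.
```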