Date: Sat, 30 Apr 2016 13:29:45 +0200 From: "Julian H. Stacey" <jhs@berklix.com> To: Roger Marquis <marquis@roble.com> Cc: "Matthew X. Economou" <xenophon@irtnog.org>, freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp Message-ID: <201604301129.u3UBTjWL055247@fire.js.berklix.net> In-Reply-To: Your message "Fri, 29 Apr 2016 16:43:16 -0700." <201604292342.u3TNg4uU007758@slim.berklix.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Roger Marquis wrote: > >> What are the reasons FreeBSD has not deprecated ntpd in favor of > >> openntpd? > > > > While I cannot speak for anyone other than myself, the two simply aren't > > equivalent. As a conscious design choice, OpenNTPD trades off accuracy > > for code simplicity. > > IIRC openntpd is accurate down to ~100ms. Ntpd does have a lot of > code dedicated to additional accuracy but this is exactly the security > trade-off I want to avoid. Who needs millisecond accuracy anyway? AMD + NFS makes on a LAN. 1/10 second seems insufficient. ( Though one could run a faster less secure NTP on a local LAN behind a firewall, & a slower more secure NTP on a WAN, (so a FreeBSD gate would need both NTPs ) ). Cheers, Julian -- Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich http://berklix.eu/jhs/ Mail plain text, No quoted-printable, HTML, base64, MS.doc. Prefix old lines '> ' Reply below old, like play script. Break lines by 80. Let Brits in EU vote on Brexit https://petition.parliament.uk/petitions/112142 Lie to companies extorting personal data: Prevent abuse, loss & ID theft.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201604301129.u3UBTjWL055247>