From: Joe Holden
Date: Mon, 24 Feb 2014 11:33:02 +0000
To: freebsd-current@freebsd.org
Subject: Re: ntpd replacement (Was: Re: Import of DragonFly Mail Agent)
Message-ID: <530B2DEE.3030808@rewt.org.uk>
In-Reply-To: <530B2C7E.3050208@rewt.org.uk>

On 24/02/2014 11:26, Joe Holden wrote:
> On 24/02/2014 11:18, Ollivier Robert wrote:
>> According to Joe Holden on Mon, Feb 24, 2014 at 11:13:23AM +0000:
>>> hm, I can't say I have noticed this as being a problem where I've
>>> used it, are there any scenarios where this is a showstopper?
>>
>> Non-support for auth is a concern, lack of NTPv4 protocol support is
>> another. Base ntpd also includes SNTP which is a lightweight NTPv3
>> client.
>>
> I suspect if you can't be reasonably sure about the integrity of your
> network traffic you have other problems anyway... one can run ntpd -s to
> get a similar function to ntpdate/sntp.
>
> But again, for 99% of installs as a client, auth and/or ntpv4 doesn't
> matter and much like sendmail/dma, one can always install ntp.org from
> ports if they require authentication (I've never seen it used).

The other point I should make here is that if you care that much about
time security you shouldn't be contacting ntp servers over 3rd party
networks anyway, at least not without some IP-level
encryption/authentication, or use a source that can't easily be used as
an attack surface, such as GPS/MSF etc.