ntpd vulnerabilities

Poul-Henning Kamp phk at phk.freebsd.dk
Mon Dec 22 19:12:40 UTC 2014


--------
In message <1419274938.916478.205831685.0E7433EA at webmail.messagingengine.com>, 
Mark Felder writes:
>On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
>> I'd like to propose that FreeBSD move to OpenNTPD, which appears to 
>> have none of the
>> fixed or unfixed (!) vulnerabilities that are present in ntpd. 
>> There's already a port.
>
>Historically OpenNTPD has been dismissed as a candidate because of its
>reduced accuracy and missing security features. For example, it doesn't
>implement the NTPv4 functionality or authentication.

The entire question of authenticated time-protocols is very, very
hairy.

The currently available protocols leave a lot to be desired, in
terms of timekeeping, cryptography and (DoS) attack resistance.

Most people who need authenticated time run their own stratum-1
server, typically with a GPS receiver, sometimes more elaborate
than that.

My main objection to OpenNTPD is not the lack of crypto, but
that its timekeeping isn't good enough, and that it is an
evolutionary dead end.

As you may have noticed I released a first preview of Ntimed
yesterday. My goals for the ntimed-client program can almost be
summarized as "Replacement for NTPD in FreeBSD's base system".

I don't think it makes sense to take up the discussion of whether we
should import Ntimed into FreeBSD's source tree until I have the first
production release ready. There are good arguments both ways, so
details will matter.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
