[ntp:hackers] Re: configuration file rewrite

David L. Mills mills at udel.edu
Fri Mar 3 19:45:25 UTC 2006


"Allow/deny" is brilliant. Now, distinguish between what you allow 
others to see and what you believe of them. Then, play back this issue 
separately for each peer mode, including the monitor/control modes. Make 
a table and color in the options. From the colors you define what bits 
are needed and how packets are filtered. Circulate the colored table to 
the NTP working group and only after agreement design the filters. 
That's not hard at all and would stimulate helpful discussion and, by 
the way, become targets for the standard.

The existing packet filter code was built by Dennis Ferguson in 1988, 
but modified by me only once. The ONLY modification was to interpret 
the notrust option as allowing trust only if authenticated by symmetric 
or public key cryptography. Otherwise, the former behavior was retained. 
A similar modification was done for the nomobilize option. A number of 
mudslingers apparently believe I did something more wicked than that.


Martin Burnicki wrote:

> John,
> John Pettitt wrote:
>> Martin Burnicki wrote:
>>> If the configuration file code is being rewritten, what do you all think
>>> about replacing the "restrict" parameter by something like "allow" and/or
>>> "deny", like it is used by other programs?
>>> As we can see in the newsgroup, usage of "restrict" is often found
>>> ambiguous, and misunderstood by users, especially since its meaning has
>>> changed some time ago.
>>> Martin
>> Whatever happens in the rewrite please please please don't change the
>> meaning of any existing config keywords (by all means deprecate them if
>> needed just don't re-use them to mean something else)- if something new
>> is needed use a new keyword - having the same keyword mean different
>> things in different versions of a program is grounds for an F in my book.
> The meaning of the "restrict" keyword has already happened in the past, and I
> agree that this was not a good thing.
> What I meant in my original mail is that people who are not so familiar with
> NTP might misunderstand the meaning of the parameter.
> I'm not a native English speaking person, but from my understanding (and if I
> have a look at the NG, also from other users' understanding) the term
> "restrict myhost" could easily be meant in 2 ways:
> 1.) access is restricted _to_ my host, my host is the only one who has access.
> In other words "allow myhost, deny all".
> 2.) access _from_ my host is restricted, my host does not have access, others
> may have. In other words "deny myhost"
> So my suggestion is to think about removing the word "restrict" from the
> keyword list, and add the words "allow" and "deny" (or similar) instead to
> make things clearer.
> BTW, I'll forward this to Dave since Harlan has reminded me that Dave is not
> on this list anymore.
> Martin

