[ntp:hackers] Protocol specification modification for MS-SNTP

David Mills mills at udel.edu
Fri Jul 10 13:58:08 UTC 2009


Martin,

Will you get off this perch? Once upon a time OpenSSL was rare and a 
suitable condition to build Autokey. That is about to change, as OpenSSL 
will be necessary to support digest algorithms other than MD5, in which 
case Autokey will not be compiled by default in the software that 
leaves here. Neither will MS-SNTP. You are right that most folks use 
binaries, but the binaries are not built here; they are built by the 
Linux, FreeBSD and Solaris folks, who know exactly which packages their 
clients will need.

I think we are done here.

Dave

Martin Burnicki wrote:

>Harlan,
>
>Harlan Stenn wrote:
>
>>Folks,
>>
>>I just wanted to mention that from my POV this discussion seems to point
>>out that:
>>
>>- ntp needs to be robust and support a bunch of things.
>>- different people will want to disable/enable various non-default
>>  'configure' choices to meet their local policy needs.
>>
>>Assuming the above is true, it means:
>>
>>- we need to be sure that NTP *can* handle the needs of as much of its
>>  userbase as possible
>>- we must strive to make implementing these non-default 'configure'
>>  choices as clear and painless as possible
>>
>>and what we are discussing are the pros/cons (or costs/benefits) of the
>>various default choices we offer in 'configure' (and sometimes the
>>ntp.conf file).
>>
>
>Agreed. Please keep in mind most people who *use* NTP don't *build* it
>by themselves. That's why I'm voting to include most commonly used
>features in the default build configuration, and if they need to be
>enabled/disabled provide a way to do this at runtime.
>
>For example, see the openssl support which is included by default simply
>if the openssl headers are found at compile time.
>
>How many people do you think are using autokey, compared to the
>number of people who don't use it? Most people who just want to have
>their machines running with the "right time" simply use some pool
>servers for which autokey wouldn't work, anyway.
>
>Following the argumentation not to include support for MS auth by
>default, maybe openssl support should also be excluded by default in
>order to yield smaller binaries, so those who want to use autokey can
>twiddle with the build configuration options and compile binaries
>matching their specific preferences.
>
>I want to make explicitly clear that the above statement is
>hypothetical, it's *not* my real opinion.
>
>
>Martin
>


