[ntp:questions] Re: Can you test my server please.
kostecke at ntp.isc.org
Mon Nov 29 20:11:24 UTC 2004
On 2004-11-29, Danny Mayer <mayer at gis.net> wrote:
> "Wolfgang S. Rupprecht"
> <wolfgang+gnus20041124T155740 at dailyplanet.dontspam.wsrcc.com> wrote in
> message news:<x7fz2ykavr.fsf at bonnet.wsrcc.com>...
>> Brad Knowles <brad at stop.mail-abuse.org> writes:
>>> So, the pool.ntp.org project needs another way to get these people
>>> to stop abusing the servers, and the method being proposed by Simon
>>> is that we give them an "obvious" bogus time reference,
>> How about this idea: have each client announce its name and
>> version number in every request packet. Unapproved clients get
Trivially spoofable because we don't have (so-called) trusted operating
systems which provide secure remote client attestation.
>> For a client to be approved for serving at pools.ntp.org someone at
>> pools.ntp.org needs to audit and give their stamp of approval.
There is nothing to prevent a bad actor from modifying previously
>> This won't stop someone willfully beating on a pools server with
>> homegrown code, but then nothing will. We are talking about udp
>> after all. The best pools.ntp.org can do is get the attention of the
>> developers up front in a way that the developers can't ignore.
> Why do people want to reinvent something that's already in NTP 4?
> Just use the authentication scheme to authenticate the clients to the
> server just like servers are authenticated to the clients today.
Authenticating clients to the server would require that the server
maintain some state for each client as well as a considerable amount of
server-side authentication work. As I understand it this would
negatively affect time service on busy servers.
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
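
Added example, not part of the original message and not NTP code: a server-side comparison of the two ideas in this thread, a self-declared client name versus a per-client keyed MAC. The packet layout, names, key and the use of HMAC-SHA256 are assumptions made for illustration; this is not the NTP wire format or NTP's own authentication scheme.

```python
import hashlib
import hmac
import struct

# Hypothetical request layout (assumption, not NTP):
#   16-byte client name (NUL padded) | 4-byte key id | 8-byte payload | 32-byte MAC
APPROVED_NAMES = {b"goodclient/1.0"}           # constructed allowlist
CLIENT_KEYS = {1: b"k1-constructed-secret"}    # per-client state the server must hold


def build_request(name, key_id, payload, key=None):
    body = struct.pack("!16sI8s", name, key_id, payload)
    mac = hmac.new(key, body, hashlib.sha256).digest() if key else bytes(32)
    return body + mac


def name_check(packet):
    """Accept if the self-declared name is on the allowlist (no secret involved)."""
    name = struct.unpack("!16s", packet[:16])[0].rstrip(b"\0")
    return name in APPROVED_NAMES


def mac_check(packet):
    """Accept only if the MAC verifies under the key stored for the key id."""
    body, mac = packet[:28], packet[28:]
    key_id = struct.unpack("!I", body[16:20])[0]
    key = CLIENT_KEYS.get(key_id)              # table lookup on every request
    if key is None:
        return False
    expected = hmac.new(key, body, hashlib.sha256).digest()  # MAC on every request
    return hmac.compare_digest(mac, expected)


def demo():
    payload = struct.pack("!Q", 1101759084)    # constructed value
    genuine = build_request(b"goodclient/1.0", 1, payload, CLIENT_KEYS[1])
    # A request from unaudited code that declares the approved name but has no key.
    copied = build_request(b"goodclient/1.0", 1, payload)
    return {
        "name_genuine": name_check(genuine),
        "name_copied": name_check(copied),
        "mac_genuine": mac_check(genuine),
        "mac_copied": mac_check(copied),
    }


if __name__ == "__main__":
    print(demo())
```

The name check cannot tell the two requests apart, while the MAC check can, at the price of a key table entry per client and a digest computation per request.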