[ntp:questions] Due diligence
cbbrowne at acm.org
Mon May 2 01:10:43 UTC 2005
After takin a swig o' Arrakan spice grog, Brad Knowles <brad at stop.mail-abuse.org> belched out:
> At 8:18 AM -0700 2005-05-01, Lee Sailer wrote:
>> As I am sure that you all know, there is a legal concept of "due
>> diligence". More of less, this means that you are trying to do things
>> right, even if you are not doing things perfectly. (I am not a lawyer.
>> No flames, please.)
> My wife is a lawyer. I am familiar with the concept.
>> HP-UX ships with version 3.5f of xntpd (I think). For those NTP buffs
>> out there, do you think the use of this old version is good enough to
>> show due diligence? My company supplies financial services (not time
>> services) to cusotmers world-wide. We use NTP internally to keep our
>> hosts in sync.
> I think a lot depends on the type of services and how
> time-sensitive your services are. For example, a local accountant who
> handled the taxes for private individuals would probably not need a
> great deal of accuracy in their system clock. However, an Investment
> bank with whole rooms full of Wallstreet stock traders, would have
> much higher requirements for clock accuracy. Both firms provide
> "financial services", the issue is what kind of services, how much
> money is being handled, and how much does a single second of downtime
> cost you?
There is another issue on the flip side, on the 'side of security.'
xntp has known exploits, and is no longer being actively maintained.
There is a good argument for that implying that using it represents
something of a security danger...
"I have seen the future, and it does not work."
More information about the questions