[ntp:questions] Re: Reach error codes
David L. Mills
mills at udel.edu
Thu Jan 26 18:10:42 UTC 2006
For background see the PTTI paper by folks at NIST, USNO, UWisc and
myself about ill-behaved NTP clients at
suspect you already know about those incidents. The rfc4330 is the
result of the ID I cited which gives very explicit behavior expectations
of any NTP client. The RFC I downloaded from the IETF list is at
http://www.eecis.udel.edu/~mills/database/rfc/rfc4330.txt. However, that
RFC is no longer on the IETF ist for whatever reason.
I have for a long time not been in favor of distributing an SNTP version
in the same package as NTP. That and perhaps other items in the current
distribution should be packaged separately. I say this because those who
want only SNTP should be able to download a specific package without all
the cruft of the entire distribution. Doing that also provides
responsiblity separation and plausible deniability should the SNTP
client do something evil.
Having said that, and in view of the stir the original NIST, USNO and
UWisc incidents and the RFC, there should be a definitive statement of
compliance in any SNTP distribution leaving here. Having accomplished
that, the next step is to beat on the manufacturers like Symmetricom, et
al, to swear compliance. I think you see where this is going and the
importance of the mission.
Danny Mayer wrote:
> David L. Mills wrote:
>>I asked the question some time ago whether you or another author
>>stipulated that the SNTP client does or does not comply with the
>>proposed ID update of rfc2030, which has apparently become rfc4330. I
>>say apparently, because I saw and downloaded it a few jiffies ago, but
>>it is not in the RFC list now. In any case, I did not get an answer.
> Is this in the reference implementation? I'd have to look at the RFC to
> understand what you mean about the proposed ID update RFC2030.
> questions mailing list
> questions at lists.ntp.isc.org
More information about the questions