[ntp:questions] Re: "Listen on" semantics

Maarten Wiltink maarten at kittensandcats.net
Mon Sep 25 14:23:15 UTC 2006


"Danny Mayer" <mayer at ntp.isc.org> wrote in message
news:4515FCC3.109 at ntp.isc.org...
> Maarten Wiltink wrote:

>> At this point, people will shriek 'that's an SNTP server! Not NTP!'
>> But is it? What's the difference? The current definition seems to
>> be that to be an NTP server, you have to implement the client
>> functionality (the math) yourself. I think it's more important _that_
>> the math is being done. _Where_ is not that important.
>
> No, that's not true. The receiving end MUST be the one doing the math.

I meant which process at the receiving end. It might be the client part
even though the server part would be the one claiming 'it _is_ being
done'.


>>> OpenBSD's OpenNTP was, as I recall (and IMO), originally a
>>> malignantly broken SNTP implementation.
>>
>> Malignantly, no less? Come off it. Sure, they made mistakes, but that
>> wasn't the intent. The intent was to build something with no exploits.
>> If the question is what comes first, working right or not getting
>> rooted, well, they _are_ OpenBSD.
>
> Which means absolutely nothing. People don't set up to create buggy
> or exploitable code.

No. But some people actively set up to create code with no exploits.


> [...] On top of that even if the code is not exploitable it doesn't
> mean that it's correct.

People don't set up to create incorrect code, either. NTP is not
without bugs. OpenBSD is not without holes. (For humility, guess which
one is closer.)


>> (Wouldn't a client-mode real NTP, combined with an OpenSNTP server,
>> be the ideal configuration?)
>
> No.

For answering a tongue-in-cheek rhetorical question... no points.

Groetjes,
Maarten Wiltink





More information about the questions mailing list