[ntp:questions] Autokey users - please read

Todd Glassey tglassey at earthlink.net
Fri Sep 11 15:00:49 UTC 2009


Ryan Malayter wrote:
> I don't use autokey in production, but I would also suggest that if
> the issue causes the reference implementation to violate RFCs and also
> creates a security issue with key shortening, it should be fixed
> without any options to go back to the bad behavior. Actually, the
> security issue might in fact be major, if the a zero is randomly
> generated in the first few bytes of the key, correct?
>
> Please don't take the Microsoft route, where praying to the altar of
> backwards compatibility means you are stuck with ugly hacks for
> decades. That might make sense for MSFT and its customers, but I don't
> think it makes sense here. The experts in this forum routinely advise
> questioners "that's too old, upgrade to a newer release"; this
> situation should prove no different.
>   
If you 'fix' NTP like this it will be removed from the MANDATORY SW 
components of a number of standards because it will break the operations 
of existing systems.

Todd Glassey
>   
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com 
> Version: 8.5.409 / Virus Database: 270.13.90/2361 - Release Date: 09/10/09 18:12:00
>
>   




More information about the questions mailing list