[ntp:questions] IPv6 support for NTP - need ntp.org code archive for it

unruh unruh at wormhole.physics.ubc.ca
Mon Apr 25 23:24:32 UTC 2011


On 2011-04-25, Steve Kostecke <kostecke at ntp.org> wrote:
> On 2011-04-25, David Woolley <david at ex.djwhome.demon.invalid> wrote:
>
>> The original OpenNTPD was not a fork
>
> It was a re-implementation.
>
>> and was not an NTP (it was an SNTP). They produced it because of
>> reservations about the licence for the reference version.
>
> http://www.openntpd.org/goals.html

The following is a quote from that page.
I have no idea why ntpd is difficult to configure, or has questionable
licensed, or why they chrony does. 

Are there security holes in ntpd or chrony?
Do they not "just work" assuming a reasonable config file ( which some
distros seem to want to refuse to supply-- putting inthings like local
servers lines. )

And it is clear ntpd is also not after the last microsecond either. 


>
> Current NTP daemons are complex and difficult to configure and/or have
> questionable licenses. Because of this, only a limited number of systems
> run NTP, resulting in many machines that are off by months and even
> years. Our goal is to make NTP ubiquitous by providing a free simple
> implementation that is secure and easy to configure.
>
>     * Be as secure as possible. Code carefully, do strict validity
>       checks especially in the network input path, and use bounded
>       buffer operations. Use privilege separation to mitigate the
>       effects of possible security bugs.
>     * Provide a lean implementation, sufficient for a majority. Don't
>       try to support each and every obscure usage case, but cover the
>       typical ones.
>     * Try to "Just Work" in the background.
>     * Work with just a minimum of configuration.
>     * Reach a reasonable accuracy. We are not after the last
>       microseconds. 
>
> Also see:
>
> http://en.wikipedia.org/wiki/OpenNTPD
>
> http://www.openbsd.org/faq/faq6.html#OpenNTPD
>
> http://www.openbsd.org/papers/ntpd_sucon04/index.html
>
> http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/
>




More information about the questions mailing list