[ntp:hackers] Protocol specification modification for MS-SNTP

David Mills mills at udel.edu
Thu Jul 9 16:55:51 UTC 2009


Martin,

Whomever compiles and distributes the package is welcome to fiddle the 
options as they please. Those that do usually turn off debugging, so at 
least they have to understand how to do that. Your argument makes no 
traction with me.

Dave

Martin Burnicki wrote:

>Dave,
>
>Dave Mills wrote:
>  
>
>>Dave,
>>
>>I might not have been clear. The resonse to a symmetric active request
>>is unconditionally a symmetric pasive packet. If authentirated, an
>>association is mobilized. There is no way a symmetric active peer can
>>tell if an association has been mobilized or not. This is all consistent
>>with the spec and no enable bit is necessary.
>>    
>>
>
>That's IMHO a good solution and I appreciate this.
>
>  
>
>>I continue to be uncomfortable with an agenda that says compile the code
>>whether or not it might be used. Is there some way you can tell from the
>>environment that Samba is active? Thie Autokey code is compiled only if
>>OpenSSL is present by default. This puppy is getting downright huge and
>>needs to be potty trained.
>>    
>>
>
>In my opinion the problem is that nowadays only few people build the NTP 
>package on their final target systems.
>
>Not only the Windows port is shipped as a set of binaries, also Linux, 
>Solaris, and (AFAIK) FreeBSD provide binary packages which are precompiled by 
>the maintainers of the OS or distribution. So, for example, only the 
>maintainers need to have the openSSL headers installed. On the end user's 
>target system it is sufficient to have the openSSL libs installed.
>
>Similarly, the end user can decide whether he wants to have the Samba daemon 
>running or not, and I don't believe he would be happy to recompile the NTP 
>daemon just because Sambe shall be running but the NTP installation package 
>comes with support for Samba authentication disabled.
>
>Martin
>  
>



More information about the hackers mailing list