[189188] in North American Network Operators' Group
Re: NIST NTP servers
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue May 10 16:51:39 2016
X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <20160510134040.60c35755@spidey.rellim.com>
Date: Tue, 10 May 2016 16:51:25 -0400
To: "Gary E. Miller" <gem@rellim.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> On May 10, 2016, at 4:40 PM, Gary E. Miller <gem@rellim.com> wrote:
>
> Yo Jared!
>
Yo, Gary!
> On Tue, 10 May 2016 16:29:26 -0400
> Jared Mauch <jared@puck.nether.net> wrote:
>
>> If you’re using Redhat based systems consider using chrony
>> instead, even the new beta fedora 24 uses 4.2.6 derived code
>> vs 4.2.8
>
> Or, new but under heavy development: NTPsec : https://www.ntpsec.org/
>
> It is a fork of classic NTPD, but was not vulnerable to most of the
> recent NTPD CVEs.
Yeah, there are some issues here in how the NTP community has implemented
solutions without discussing with each other through the community splits.
The NTPWG at IETF has been in a bit of stasis for years now because of the
various aspects of how it works, and those who present sometimes don’t
output in the most organized fashion, requiring a lot of effort on the
receiver.
There’s also a very narrow universe of people who actually care about the
implementations and details, with people like Majdi, Harlan and Miroslav
understanding the needs more than I’ve seen anyone from the ntpsec/cisco
funded side grasp the nuances of.
As a general statement, we are well served by having diverse and robust
implementations, but as we’ve seen in the (mostly) router space that NANOG
community cares about.. there are far more BGP implementations than NTP.
This isn’t good if the community wants to move to a model of certificate based
routing and the dependent infrastructure is weak.
I would suggest moving parts of this discussion to either the NTP Pool or the
NTPWG mailing lists.
- jared