[LEDE-DEV] [OpenWrt-Devel] [PATCH] busybox: sysntpd - Support for NTP servers received via DHCP(v6)
David Lang
david at lang.hm
Fri May 20 06:18:57 PDT 2016
On Fri, 20 May 2016, Jo-Philipp Wich wrote:
> Hi Hans,
>
>> I wanted to preserve the ntp server behavior and only change the
>> behavior when configured in order to keep backwards compatibility. You
>> favour enabling DHCP ntp server config without explicit config?
>
> Personally I do because that's likely what most users expect, but then
> trusting foreign NTP server advertisements might be a security sensitive
> topic - on the other hand one trusts the default gateway and DNS
> advertisements too, so I don't know.

NTP isn't signed.

If I can control your DNS, I can probably control your NTP by giving you the
wrong IP for the NTP server.

If I can control your gateway, I can redirect all your NTP queries to someone
else (NAT, redirects, etc.).

So why not trust the NTP server being provided?

David Lang