[LEDE-DEV] [OpenWrt-Devel] [PATCH] busybox: sysntpd - Support for NTP servers received via DHCP(v6)

Hans Dedecker dedeckeh at gmail.com
Fri May 20 06:43:21 PDT 2016


On Fri, May 20, 2016 at 3:18 PM, David Lang <david at lang.hm> wrote:
> On Fri, 20 May 2016, Jo-Philipp Wich wrote:
>
>> Hi Hans,
>>
>>> I wanted to preserve the ntp server behavior and only change the
>>> behavior when configured in order to keep backwards compatibility. You
>>> favour enabling DHCP ntp server config without explicit config?
>>
>>
>> Personally I do because that's likely what most users expect, but then
>> trusting foreign NTP server advertisements might be a security sensitive
>> topic - on the other hand one trusts the default gateway and DNS
>> advertisements too, so I don't know.
>
>
> NTP isn't signed.
>
> If I can control your DNS, I can probably control your NTP by giving you the
> wrong IP for the NTP server
>
> If I can control your gateway, I can redirect all your NTP queries to
> someone else (NAT, redirects, etc)
>
> so why not trust the NTP server being provided?
OK, let's make the consensus to enable use_dhcp by default

Hans
>
> David Lang
