[LEDE-DEV] [OpenWrt-Devel] [PATCH] busybox: sysntpd - Support for NTP servers received via DHCP(v6)

Conor O'Gorman i at conorogorman.net
Fri May 20 06:59:44 PDT 2016



On 20/05/16 14:43, Hans Dedecker wrote:
> On Fri, May 20, 2016 at 3:18 PM, David Lang <david at lang.hm> wrote:
>> On Fri, 20 May 2016, Jo-Philipp Wich wrote:
>>
>>> Hi Hans,
>>>
>>>> I wanted to preserve the ntp server behavior and only change the
>>>> behavior when configured in order to keep backwards compatibility. You
>>>> favour enabling DHCP ntp server config without explicit config ?
>>>
>>> Personally I do because that's likely what most users expect, but then
>>> trusting foreign NTP server advertisements might be a security sensitive
>>> topic - on the other hand one trusts the default gateway and DNS
>>> advertisements too, so I don't know.
>>
>> NTP isn't signed.
>>
>> If I can control your DNS, I can probably control your NTP by giving you the
>> wrong IP for the NTP server
>>
>> If I can control your gateway, I can redirect all your NTP queries to
>> someone else (NAT, redirects, etc)
>>
>> so why not trust the NTP server being provided?
> OK let's make the consensus to enable use_dhcp by default
>
>
If there are none from DHCP, it'll fall back to the configured list?

Servers from DHCP are extra? Or replacing the configured?


