[LEDE-DEV] [OpenWrt-Devel] [PATCH] busybox: sysntpd - Support for NTP servers received via DHCP(v6)
Hans Dedecker
dedeckeh at gmail.com
Fri May 20 07:11:54 PDT 2016
On Fri, May 20, 2016 at 3:59 PM, Conor O'Gorman <i at conorogorman.net> wrote:
>
>
> On 20/05/16 14:43, Hans Dedecker wrote:
>>
>> On Fri, May 20, 2016 at 3:18 PM, David Lang <david at lang.hm> wrote:
>>>
>>> On Fri, 20 May 2016, Jo-Philipp Wich wrote:
>>>
>>>> Hi Hans,
>>>>
>>>>> I wanted to preserve the ntp server behavior and only change the
>>>>> behavior when configured in order to keep backwards compatibility. You
>>>>> favour enabling DHCP ntp server config without explicit config?
>>>>
>>>>
>>>> Personally I do because that's likely what most users expect, but then
>>>> trusting foreign NTP server advertisements might be a security sensitive
>>>> topic - on the other hand one trusts the default gateway and DNS
>>>> advertisements too, so I don't know.
>>>
>>>
>>> NTP isn't signed.
>>>
>>> If I can control your DNS, I can probably control your NTP by giving you
>>> the wrong IP for the NTP server
>>>
>>> If I can control your gateway, I can redirect all your NTP queries to
>>> someone else (NAT, redirects, etc)
>>>
>>> so why not trust the NTP server being provided?
>>
>> OK let's make the consensus to enable use_dhcp by default
>>
>>
> If there are none from dhcp, it'll fall back to the configured list?
>
> Servers from dhcp are extra? or replacing the configured?
Servers from DHCP are extra; thus on top of the configured ones