Maarten Wiltink wrote: > At this point, people will shriek 'that's an SNTP server! Not NTP!' But > is it? What's the difference? The current definition seems to be that > to be an NTP server, you have to implement the client functionality (the > math) yourself. I think it's more important _that_ the math is being > done. _Where_ is not that important. >
No, that's not true. The receiving end MUST be the one doing the math. There is no way for the server to know what the delays are in getting a packet to the client. Only the client has a chance to know that. > > [...] >> OpenBSD's OpenNTP was, as I recall (and IMO), originally a malignantly >> broken SNTP implementation. > > Malignantly, no less? Come off it. Sure, they made mistakes, but that > wasn't the intent. The intent was to build something with no exploits. > If the question is what comes first, working right or not getting rooted, > well, they _are_ OpenBSD. Which means absolutely nothing. People don't set up to create buggy or exploitable code. I don't assume that just because they've given themselves a label that they have an automatic level of trust in their software. On top of that even if the code is not exploitable it doesn't mean that it's correct. > > (Wouldn't a client-mode real NTP, combined with an OpenSNTP server, be > the ideal configuration?) > No. Danny > Groetjes, > Maarten Wiltink _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
