On May 10, 2016, at 4:40 PM, Gary E. Miller <gem@rellim.com> wrote:
Yo Jared!
Yo, Gary!
On Tue, 10 May 2016 16:29:26 -0400 Jared Mauch <jared@puck.nether.net> wrote:
If you’re using Redhat based systems consider using chrony instead, even the new beta fedora 24 uses 4.2.6 derived code vs 4.2.8
Or, new but under heavy development: NTPsec : https://www.ntpsec.org/
It is a fork of classic NTPD, but was not vulnerable to most of the recent NTPD CVEs.
Yeah, there are some issues here in how the NTP community has implemented solutions without discussing with each other through the community splits. The NTPWG at IETF has been in a bit of stasis for years now because the various aspects of how it works, and those who present sometimes don’t output in the most organized fashion requiring a lot of effort on the receiver. There’s also a very narrow universe of people who actually care about the implementations and details, with people like Majdi, Harlan and Miroslav understanding the needs more than I’ve seen anyone from the ntpsec/cisco funded side grasp the nuances of. As a general statement, we are well served by having diverse and robust implementations, but as we’ve seen in the (mostly) router space that NANOG community cares about.. there are far more BGP implementations than NTP. This isn’t good if the community wants to move to a model of certificate based routing and the dependent infrastructure is weak. I would suggest moving parts of this discussion to either the NTP Pool or the NTPWG mailing lists. - jared