Yo Eric! On Tue, 29 May 2018 16:17:36 -0400 "Eric S. Raymond" <e...@thyrsus.com> wrote:
> Please either choose one drop/no-drop or explain why these cases
> should be treated separately.
If that is the choice, the choice should be no-drop.
A ton of ntpd installations were setup a long time ago, and unlikely an
admin ever looks a the config. Even new ones are setup from age-old
howto's that use the built-in ntpd IP filtering.
if a distro should update from NTP Classic to NTPsec, and the admin
is asleep at the wheel (99% probability), then the security features
configured into ntdp on day-one will be lost, but no compensating
security features, like a firewall, are configured to compensate.
Now the poor system is wide open to abuse. Bad outcome. NTPsec gets
a blck eye as being 'insecure'.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpJ6jjCRY_RZ.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
