On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
> have none of the fixed or unfixed (!) vulnerabilities that are present
> in ntpd. There's already a port.

Historically OpenNTPD has been dismissed as a candidate because of its reduced accuracy and missing security features. For example, it doesn't implement the NTPv4 functionality or authentication. Quite literally, OpenNTPD is vulnerable to a MITM attack because of the lack of authentication. Their stance has been that you should trust your NTP servers, and they suggest using a VPN for the NTP traffic. Probably not a bad idea, honestly.

I don't have a qualified opinion, but that should get you on the right track if you want to research further.