At 11:52 AM 12/22/2014, Chris Nehren wrote:
> Heartbleed, more than any other vulnerability in recent memory, showed us users on the outside of the Project just how much effort is involved in patching the base system (thank you, again, DES, for being patient and explaining all the details!). Because of this, I am reticent to support more software going into the base system.
I understand your concern! Frankly, both ntpd and OpenNTPD have more functionality than ought to be in the base system. The daemon in the base system probably should only query trusted servers for the time, as securely as possible, rather than also being a server itself.

Within my own network, I have used cron and ntpdate (even though it's officially deprecated) on most of the clients, querying a couple of trusted local time servers. I've then armored those servers -- which do query the outside world -- as much as possible against abuse, with very restrictive security settings and stateful firewall rules for good measure. This is a super-lightweight approach from the clients' point of view; it takes up as little CPU and memory as possible on them. But it obviously has some drawbacks; in particular, it doesn't continuously correct the clocks but makes them jump at particular times of day.

Ultimately, I'd love to see the whole world go to PKI-based digital signatures on responses to time queries. With the crypto accelerators that are now being built into many CPUs, this will probably become practical... IF one can trust the hardware not to have security holes or backdoors. Which is, of course, a big "if."

--Brett Glass
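A configuration sketch of the layout described in the message above, added here as an illustration and not taken from the poster's own systems. Every hostname, address range, interface name and schedule is a constructed placeholder, and the specific restrict flags and pf rules are one assumed reading of "very restrictive security settings and stateful firewall rules."

```conf
# --- Client: root crontab entry (crontab -e) -------------------------
# Step the clock twice a day against the two local time servers.
# -s sends ntpdate's output to syslog instead of cron mail.
# Hostnames are placeholders.
17 3,15 * * * /usr/sbin/ntpdate -s time1.example.internal time2.example.internal

# --- Local time server: /etc/ntp.conf --------------------------------
# Default policy for everyone: answer time queries only, rate-limited.
# No runtime reconfiguration, no traps, no unsolicited peering, and no
# ntpq/ntpdc status queries (the mode 6/7 traffic abused for amplification).
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery

# Full access from the server itself, for local administration.
restrict 127.0.0.1
restrict ::1

# LAN clients (placeholder range) may query time but nothing else.
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap nopeer noquery

# Upstream sources this server is allowed to query (placeholders).
server upstream1.example.net iburst
server upstream2.example.net iburst

# --- Local time server: /etc/pf.conf fragment ------------------------
ext_if = "em0"   # placeholder: Internet-facing interface
int_if = "em1"   # placeholder: LAN-facing interface

# Drop unsolicited NTP arriving from the outside world.
block in quick on $ext_if proto udp to port ntp

# The server's own upstream queries go out statefully, so only
# replies matching an existing state entry are let back in.
pass out on $ext_if proto udp from ($ext_if) to any port ntp keep state

# LAN clients may reach the server's NTP port.
pass in on $int_if proto udp from $int_if:network to ($int_if) port ntp keep state
```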