On Fri, May 20, 2016 at 3:59 PM, Conor O'Gorman <i...@conorogorman.net> wrote: > > > On 20/05/16 14:43, Hans Dedecker wrote: >> >> On Fri, May 20, 2016 at 3:18 PM, David Lang <da...@lang.hm> wrote: >>> >>> On Fri, 20 May 2016, Jo-Philipp Wich wrote: >>> >>>> Hi Hans, >>>> >>>>> I wanted to preserve the ntp server behavior and only change the >>>>> behavior when configured in order to keep backwards compatibility. You >>>>> favour enabling DHCP ntp server config without explicit config ? >>>> >>>> >>>> Personally I do because thats likely what most users expect, but then >>>> trusting foreign NTP server advertisements might be a security sensitive >>>> topic - on the other hand one trusts the default gateway and DNS >>>> advertisements too, so I don't know. >>> >>> >>> NTP isn't signed. >>> >>> If I can control your DNS, I can probably control your NTP by giving you >>> the >>> wrong IP for the NTP server >>> >>> If I can control your gateway, I can redirect all your NTP queries to >>> someone else (NAT, redirects, etc) >>> >>> so why not trust the NTP server being provided? >> >> OK let's make the concensus to enable use_dhcp by default >> >> > If there are none from dhcp, it'll fall back to the configured list? > > Servers from dhcp are extra? or replacing the configured? Servers from DHCP are extra; thus on top of the configured ones
_______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
