On Fri, May 20, 2016 at 3:18 PM, David Lang <da...@lang.hm> wrote: > On Fri, 20 May 2016, Jo-Philipp Wich wrote: > >> Hi Hans, >> >>> I wanted to preserve the ntp server behavior and only change the >>> behavior when configured in order to keep backwards compatibility. You >>> favour enabling DHCP ntp server config without explicit config ? >> >> >> Personally I do because thats likely what most users expect, but then >> trusting foreign NTP server advertisements might be a security sensitive >> topic - on the other hand one trusts the default gateway and DNS >> advertisements too, so I don't know. > > > NTP isn't signed. > > If I can control your DNS, I can probably control your NTP by giving you the > wrong IP for the NTP server > > If I can control your gateway, I can redirect all your NTP queries to > someone else (NAT, redirects, etc) > > so why not trust the NTP server being provided? OK let's make the concensus to enable use_dhcp by default
Hans > > David Lang _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
