Re: SINGLESOCK - How much to strip away?

2018-06-01 Thread Hal Murray via devel
Richard Laager said: > FWIW, for me, at least, the typical cases for daemons are: > A) bind to localhost only (preferably at least ::1, else 127.0.0.1) > B) bind to everything (with additional control happening in the kernel) ntpd has 2 cases. A) Client only - leaf node on the tree. (forest?

Re: SINGLESOCK - How much to strip away?

2018-06-01 Thread Richard Laager via devel
On 06/01/2018 10:06 PM, Mark Atwood via devel wrote: > As I type and think more, I ask, "What does Chrony do?", and I look at > [https://chrony.tuxfamily.org/doc/3.3/chrony.conf.html].  It has a > "bindaddress" directive, which uses IP address, not interface name.  And > only one bind address can b

Re: SINGLESOCK - How much to strip away?

2018-06-01 Thread Gary E. Miller via devel
Yo Mark! On Fri, 1 Jun 2018 20:06:44 -0700 Mark Atwood via devel wrote: > But I do understand the pushback against that from GEM, and have been > thinking about it for the past few days. I'm all for iptables, or at least the modern equivalent. But iptables does not address the issue of binding

Re: SINGLESOCK - How much to strip away?

2018-06-01 Thread Mark Atwood via devel
I still want to strip it all and delegate it to iptables, case OMEGA. But I do understand the pushback against that from GEM, and have been thinking about it for the past few days. As I type and think: one of the fundamental problems with having longrunner daemons try to keep track of addresses,

Re: NTS, Big picture

2018-06-01 Thread Hal Murray via devel
Thanks. devel@ntpsec.org said: > This is just off the top of my head, but I wonder if this is ultimately > going to need an SSH-style "leap of faith" trust model. For example, the > first time NTP starts up, it would ignore the NotBefore and NotAfter > attributes, but validate everything else in t

Re: NTS, Big picture

2018-06-01 Thread Richard Laager via devel
On 06/01/2018 02:30 AM, Hal Murray via devel wrote: > The catch is that the web certificates have expiration times and the code > assumes the clock is reasonable. This isn't limited to "web certificates", but applies to certificates generally. Certificate expiration is fundamentally incompatible

Re: NTS, Big picture

2018-06-01 Thread Hal Murray via devel
> IIRC draft 10 didn't specify any certificate signing or out of channel > distribution. I thought I saw something like that, but that was a while ago and I was expecting it and I wasn't reading that section carefully. Plan A is to piggyback on the web certificate structure. Basically, the