Inkwina <[EMAIL PROTECTED]> writes:
> In any case the concern with anonymous servers is not dissimilar from that
> wit anonymous mirrors.
It is quite dissimilar, in that an anonymous mirror (where you didn't
check the signatures) could take over your machine. There is no
evidence an anonymous bad actor controlling one of several clocks you
are reading could take over your machine -- even if he controlled all
the clocks, he could probably not take over your machine.

> If your security requirements are that stringent, you should be running your
> own stratum 1 ntpd (a gps reciever does not cost that much).

GPS signals can be externally corrupted with an appropriate
transmitter as well. There is no actual way to prove you have the
correct time. (This is one reason very few protocols require accurate
timekeeping for security.)

-- 
Perry E. Metzger                [EMAIL PROTECTED]

-- 
default ntp.conf should use pool.ntp.org servers
https://bugs.launchpad.net/bugs/104525
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to