On Sep 10, 2012, at 8:13, Nico Golde <[email protected]> wrote: Hi,
[Adding NTP authentication] > I CC'ed Ask who is maintaining pool.ntp.org for this discussion. > Ask, is there such a requirement and I missed it or is it not existent? > If not, how realistic is it to change this? Completely unrealistic with volunteer/public servers, sadly. If you give it a bit of thought you'll realize it can't work. :-) If we were to add authentication to the pool.ntp.org system, everyone would have to know the key so it'd not serve any purpose at all. We could setup a set of servers with authentication, but that'd be a much smaller list of servers (for better and worse). It wouldn't be like the current NTP Pool at all. Next would be to add DNSSEC to the DNS (which is non-trivial with the current zone and the current resources; at peaks the DNS servers get 20-30k qps and each response is different so you have to sign in "real-time".). If there's a need and resources, I could run a zone with DNSSEC and with autokey configured, but it'd not be possible in the "open source"/"everyone volunteers a resource or two" scheme. Ask -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
