On 20/05/16 14:43, Hans Dedecker wrote:
On Fri, May 20, 2016 at 3:18 PM, David Lang <da...@lang.hm> wrote:
On Fri, 20 May 2016, Jo-Philipp Wich wrote:
Hi Hans,
I wanted to preserve the ntp server behavior and only change the
behavior when configured in order to keep backwards compatibility. You
favour enabling DHCP ntp server config without explicit config ?
Personally I do because thats likely what most users expect, but then
trusting foreign NTP server advertisements might be a security sensitive
topic - on the other hand one trusts the default gateway and DNS
advertisements too, so I don't know.
NTP isn't signed.
If I can control your DNS, I can probably control your NTP by giving you the
wrong IP for the NTP server
If I can control your gateway, I can redirect all your NTP queries to
someone else (NAT, redirects, etc)
so why not trust the NTP server being provided?
OK let's make the concensus to enable use_dhcp by default
If there are none from dhcp, it'll fall back to the configured list?
Servers from dhcp are extra? or replacing the configured?
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
