> This is a pretty baseless fear. The servers in the ntp pool > are constantly monitored and those that are off by more than 100ms > are quickly removed (within 2-3 hours, IIRC).
In computer security it's a big no-no to use unknown or untrusted sources of information, as simple as that. A random source of information is both untrusted and unknown. You would never see a data center using ntp pool servers, or at least I haven't see any. Back in the days we actually set up agreements with selected NTP sources to give us authenticated NTP traffic. Of course the key management tends to be a substantial amount of overhead, so in every data center where we actually had access to the sky we installed stratum-1 gps rubidium servers and called it a day. Then of course there is also the argument as to whether the monitoring code is robust enough, and whether it uses a known trusted authority for time, or at least one which is not easily spoofed or hacked. -- Fio Cattaneo Universal AC, can Entropy be reversed? -- "THERE IS AS YET INSUFFICIENT DATA FOR A MEANINGFUL ANSWER." On Sun, Nov 3, 2019 at 8:00 AM Attila Kinali <att...@kinali.ch> wrote: > > On Sat, 19 Oct 2019 18:24:57 -0700 > Fiorenzo Cattaneo <f...@cattaneo.us> wrote: > > > The main reason I do not trust "pool" servers is because there is no > > guarantee of which server you will get. I might be paranoid, but I am > > worried about rogue servers, and I much rather trust well known public > > stratum-1 NTP servers. > > This is a pretty baseless fear. The servers in the ntp pool > are constantly monitored and those that are off by more than 100ms > are quickly removed (within 2-3 hours, IIRC). Of course, if you > are already using one of those, then the removal will not help you. > But you are most likely using 3-5 servers anyways, which means ntp > will remove the "rouge" server on its own. > > Attila Kinali > > -- > <JaberWorky> The bad part of Zurich is where the degenerates > throw DARK chocolate at you. > > _______________________________________________ > time-nuts mailing list -- time-nuts@lists.febo.com > To unsubscribe, go to > http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com > and follow the instructions there. _______________________________________________ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there.